API Testing : Check CORS preflight

Language: Java

Framework: Rest assured

1/​/​Assumptions:2/​/​The API is up and running in a local environment.3/​/​The API supports CORS preflight requests.45import org.junit.Test;6import io.restassured.RestAssured;7import static io.restassured.RestAssured.given;89public class APITest {1011 @Test12 public void testCORS() {13 /​/​Connect to local driver14 RestAssured.baseURI = "http:/​/​localhost:8080";1516 /​/​Add commented code to connect to remote client with desired capabilities17 /​*DesiredCapabilities caps = new DesiredCapabilities();18 caps.setCapability("browserName", "Chrome");19 caps.setCapability("platform", "Windows 10");20 WebDriver driver = new RemoteWebDriver(21 new URL("http:/​/​localhost:4444/​wd/​hub"), caps);*/​2223 /​/​Set headers for preflight request24 given()25 .header("Access-Control-Request-Method", "POST")26 .header("Access-Control-Request-Headers", "content-type, authorization")27 .header("Origin", "http:/​/​localhost:8081")28 /​/​Send preflight request to API29 .when()30 .options("/​api/​login")31 /​/​Assertions for preflight response32 .then()33 .assertThat()34 .statusCode(200)35 .header("Access-Control-Allow-Origin", "http:/​/​localhost:8081")36 .header("Access-Control-Allow-Methods", "POST")37 .header("Access-Control-Allow-Headers", "content-type, authorization");3839 /​/​Send actual request to API40 given()41 .header("content-type", "application/​json")42 .header("authorization", "Bearer someToken")43 .header("Origin", "http:/​/​localhost:8081")44 .body("{\n" +45 " \"username\": \"username\",\n" +46 " \"password\": \"password\"\n" +47 "}")48 /​/​Assertions for actual response49 .when()50 .post("/​api/​login")51 .then()52 .assertThat()53 .statusCode(200)54 .header("Access-Control-Allow-Origin", "http:/​/​localhost:8081");55 }56}

Language: Javascript

1/​/​ Mocha, Chai, SuperTest.23/​/​Assuming the API URL is "https:/​/​example.com/​api"4const request = require('supertest');5const expect = require('chai').expect;6const app = require('../​app.js'); /​/​Assuming the app is designed using Express.js78describe('CORS preflight request test', function () {9 it('Should handle CORS preflight requests and return the correct response', async function () {10 const response = await request(app)11 .options('/​api')12 .set('Origin', 'https:/​/​example.com')13 .set('Access-Control-Request-Method', 'GET');1415 /​/​Verifying returned HTTP status code16 expect(response.status).to.equal(200);1718 /​/​Verifying returned response headers19 expect(response.headers['access-control-allow-origin']).to.equal('https:/​/​example.com');20 expect(response.headers['access-control-allow-methods']).to.equal('GET');21 expect(response.headers['access-control-allow-headers']).to.equal('*');22 expect(response.headers['access-control-max-age']).to.equal('86400');2324 /​/​Verifying returned response body25 expect(response.body).to.be.empty;2627 });2829 /​/​Code to connect to remote client with desired capabilities30 /​/​ const remoteWebDriver = require('selenium-webdriver/​remote');31 /​/​ const driver = new remoteWebDriver.Builder()32 /​/​ .usingServer('http:/​/​<remote_server_ip>:4444/​wd/​hub')33 /​/​ .withCapabilities(webdriver.Capabilities.<browser_name>())34 /​/​ .build();35});

Disclaimer: Following code snippets and related information have been sourced from GitHub and/or generated using AI code generation tools. LambdaTest takes no responsibility in the accuracy of the code and is not liable for any damages.

Accelerate Your Automation Test Cycles With LambdaTest

Leverage LambdaTest’s cloud-based platform to execute your automation tests in parallel and trim down your test execution time significantly. Your first 100 automation testing minutes are on us.

Start Free Testing