10

I've been used wiremock effectively for some time now, and I wanted to enable CORS access to the mocked APIs.

I've tried setting Access-Control-Allow-Origin: * and other headers in the response header, both to no avail.

Here's an example of a mapping that I have:

{
    "request": {
        "method": "POST",
        "urlPattern": "/api/v2/general/login[\\/\\&\\?]*",
        "bodyPatterns": [{
            "equalToJson": "{\"password\":\"password\",\"username\":\"john@cougar.com\"} ",
            "jsonCompareMode": "LENIENT",
            "ignoreArrayOrder" : true,
            "ignoreExtraElements" : true
        }]
    },
    "response": {
        "status": 200,
        "headers": {
            "Content-Type": "application/json",
            "Access-Control-Allow-Origin" : "*",
            "Access-Control-Allow-Methods" : "*",
            "Access-Control-Allow-Headers": "Accept, Content-Type, Content-Encoding, Server, Transfer-Encoding",
            "X-Content-Type-Options" : "nosniff",
            "x-frame-options" : "DENY",
            "x-xss-protection" : "1; mode=block"
        },
        "bodyFileName": "/login_response_johncougar.json"
    }
}

What am I doing wrong here that's causing CORS to not work?

Thanks in advance.

johncougar
  • 276
  • 2
  • 3
  • 10
  • What kind of request are you making? If it's anything other than GET you'll need to implement an OPTIONS stub with some CORS headers too. – Tom Feb 23 '17 at 21:50
  • @Tom, I'm making both GET and POST requests. What did you mean by "implement an OPTIONS stub with some CORS headers"? – johncougar Mar 08 '17 at 20:08
  • The CORS protocol requires browsers to make an OPTIONS "preflight" request to check what they're allowed to do prior to making a request that matches certain criteria. Worth taking a look at https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests – Tom Mar 08 '17 at 21:44
  • Has this been fixed if so how did you get it to work? I stubbed a request for the OPTIONS request. But it doesn't make the POST which I want after it. – Phil Kearney Apr 14 '17 at 15:02

5 Answers5

6

You can disable cors by adding --enable-stub-cors flag

  • Standalone example :
java -jar wiremock-jre8-standalone-2.31.0.jar --port 8081 --enable-stub-cors
  • Docker example :
docker run -it --rm -p 8081:8080 --name wiremock-yadoms -v $PWD:/home/wiremock wiremock/wiremock --enable-stub-cors
odah
  • 61
  • 1
  • 4
5

I have just managed to fix this issue. Actually solution was here already Adding headers to Jetty in Wiremock.

Because your browser sends a CORS preflight request before making any actual request, you will need to set up your wiremock to stub the OPTIONS request and send back headers.

For example,
Access-Control-Allow-Origin = "*", Access-Control-Allow-Headers: "content-type", Access-Control-Allow-Methods = "POST, GET".

Access-Control-Allow-Headers's value has to be the same values the Access-Control-Request-Headers header contained Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response.

All your responses have to send back header "Access-Control-Allow-Origin": "*" as well.

Alan Ho
  • 646
  • 9
  • 5
3

Here is a sample and this works

{
 "request":
 {
 "urlPattern": "/country/([a-z]*)",
 "method": "GET"
 },

 "response":
 {
 "status": 200,
 "headers":
 {
 "Content-Type" : "application/json",
 "Access-Control-Allow-Origin" : "*",
 "Access-Control-Allow-Methods" : "*",
 "Access-Control-Allow-Headers": "Accept, Content-Type, Content-Encoding, Server, Transfer-Encoding",
 "X-Content-Type-Options" : "nosniff",
 "x-frame-options" : "DENY",
 "x-xss-protection" : "1; mode=block"
 },
 "body": "{ \"statusCode\" : \"S1000\", \"statusDescription\" : \"Success\", \"content\" : [ { \"id\" : \"1111\", \"name\" : \"aaaa\"}, { \"id\" : \"2222\", \"name\" : \"asd\" } ] }"
 }
}

Use this as it is, wiremock is peculiar when it comes to spacing, here i have used a single space instead of tab, hope it helps.

Saahithyan Vigneswaran
  • 6,841
  • 3
  • 35
  • 45
2

I had the same problem. After a long time search without finding the solution I started to play with the groovy file and finally I found the solution.

You just need to add each header in header() method. this will solve the problem. So your sample groovy contract will be like this:

{
  "request": {
    "method": "POST",
    "urlPattern": "/api/v2/general/login[\\/\\&\\?]*",
    "bodyPatterns": [{
      "equalToJson": "{\"password\":\"password\",\"username\":\"john@cougar.com\"} ",
      "jsonCompareMode": "LENIENT",
      "ignoreArrayOrder": true,
      "ignoreExtraElements": true
    }]
  },
  "response": {
    "status": 200,
    "headers": {
      header("Content-Type": "application/json"),
      header("Access-Control-Allow-Origin": "*"),
      header("Access-Control-Allow-Methods": "*"),
      header("Access-Control-Allow-Headers": "Accept, Content-Type, Content-Encoding, Server, Transfer-Encoding"),
      header("X-Content-Type-Options": "nosniff"),
      header("x-frame-options": "DENY"),
      header("x-xss-protection": "1; mode=block")
    },
    "bodyFileName": "/login_response_johncougar.json"
  }
}

I hope it will solve your problem (Actually it will be useful if you use groovy contracts).

Simson
  • 3,373
  • 2
  • 24
  • 38
hossein shemshadi
  • 183
  • 1
  • 11
0

For Angular developers:
first Install wiremock with following command:

npm install wiremock

Then:

    "scripts": {
            "ng": "ng",
            "start": "ng serve",
            "wiremock": "wiremock --root-dir ./wiremock --port 8080 --enable-stub-cors true --enable-browser-proxying",
        
        ...
        }
Ahwar
  • 1,746
  • 16
  • 30
ekarimova
  • 1
  • 1