CORS
Imposter supports CORS (Cross-Origin Resource Sharing), which is a mechanism that allows a web page to make a request to a server in a different domain. This is useful for web applications that are hosted on a different domain to the mock endpoint they are consuming.
To configure CORS, add the following to your configuration:
Warning This will allow all origins to make requests to the mock endpoint. This is not recommended for production use.
Specifying allowed origins
You can specify the allowed origins using the allowOrigins property. This is a list of strings, where each string is a domain or subdomain that is allowed to make requests to the mock endpoint.
Special values
You can use the following special values for the allowOrigins property:
all- allows all origins to make requests to the mock endpoint, echoing the value of theOriginheader in theAccess-Control-Allow-Originresponse header. This effectively disables CORS.*- allows all origins to make requests to the mock endpoint, however, specific limitations such as use ofAccess-Control-Allow-Credentialsapply. See here for more information.
Specifying allowed headers
You can specify the allowed headers using the allowHeaders property. This is a list of strings, where each string is a header that is allowed to be sent in a request to the mock endpoint.
Specifying allowed methods
You can specify the allowed methods using the allowMethods property. This is a list of strings, where each string is an HTTP method that is allowed to be sent in a request to the mock endpoint.
Setting the max age
You can set the max age using the maxAge property. This is an integer value, representing the number of seconds that the browser should cache the CORS preflight response.
Allowing credentials
You can allow credentials to be sent in a request to the mock endpoint using the allowCredentials property. This is a boolean value.