CORS for a dummy

I’ve asked this StackOverflow.com question: “Is it possible to verify CORS headers from a Visual Studio Integration Test?” (It would be nice to have the time to read “Network Programming in the .NET Framework.”) This StackOverflow.com question is based on a failed attempt to write an integration test using code from “Cross-origin resource sharing in ASP.NET Web Api.” This failure leaves me with new assertions:

• .NET Security should prevent spoofing/mocking requests: the Origin header has to match a live server actually at the origin.
• You should be able to use OPTIONS http requests to obtain response headers that provide information—like CORS information.

Related Links

• “An Introduction to Content Security Policy”
• “Wei Lu: HTTP Headers—The Simplest Security—JSConf.Asia 2014”

https://github.com/BryanWilhite/