DayPath Journal

CORS for a dummy

I’ve asked this question: “Is it possible to verify CORS headers from a Visual Studio Integration Test?” (It would be nice to have the time to read “Network Programming in the .NET Framework.”) This question is based on a failed attempt to write an integration test using code from “Cross-origin resource sharing in ASP.NET Web Api.” This failure leaves me with new assertions:

  • .NET Security should prevent spoofing/mocking requests: the Origin header has to match a live server actually at the origin.
  • You should be able to use OPTIONS HTTP requests to obtain response headers that provide information—like CORS information.
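
An added example, not from the original post or the linked article: a console program that sends the OPTIONS preflight from the second bullet to an in-process `HttpListener` and reads back `Access-Control-Allow-Origin`. The port, path, origins and the stand-in server policy are constructed assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
class CorsPreflightCheck
{
    const string Prefix = "http://localhost:5055/";          // assumed free local port
    const string AllowedOrigin = "https://app.example.test"; // constructed origin
    // Stand-in for the API under test: answers one request with a fixed CORS policy.
    static async Task ServeOneAsync(HttpListener listener)
    {
        HttpListenerContext ctx = await listener.GetContextAsync();
        string origin = ctx.Request.Headers["Origin"];
        if (ctx.Request.HttpMethod == "OPTIONS" && origin == AllowedOrigin)
        {
            ctx.Response.Headers["Access-Control-Allow-Origin"] = origin;
            ctx.Response.Headers["Access-Control-Allow-Methods"] = "GET, POST";
            ctx.Response.Headers["Vary"] = "Origin"; // response differs per Origin
        }
        ctx.Response.StatusCode = 204;
        ctx.Response.Close();
    }

    // Sends a preflight and returns Access-Control-Allow-Origin, or null when absent.
    static async Task<string> PreflightAsync(HttpClient client, string origin)
    {
        var req = new HttpRequestMessage(HttpMethod.Options, Prefix + "api/values");
        req.Headers.Add("Origin", origin); // set by the test as an ordinary header
        req.Headers.Add("Access-Control-Request-Method", "POST");
        using HttpResponseMessage resp = await client.SendAsync(req);
        return resp.Headers.TryGetValues("Access-Control-Allow-Origin", out var v)
            ? string.Join(",", v) : null;
    }

    static async Task Main()
    {
        using var listener = new HttpListener();
        listener.Prefixes.Add(Prefix);
        listener.Start();
        using var client = new HttpClient();
        foreach (string origin in new[] { AllowedOrigin, "https://other.example.test" })
        {
            Task server = ServeOneAsync(listener);
            string allow = await PreflightAsync(client, origin);
            await server;
            Console.WriteLine($"{origin} -> Access-Control-Allow-Origin: {allow ?? "(absent)"}");
        }
    }
}
```

The check exercises the server's CORS policy only; `HttpClient` does not apply the browser's same-origin enforcement to the response.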

Related Links