I’ve asked this StackOverflow.com question: “Is it possible to verify CORS headers from a Visual Studio Integration Test?” (It would be nice to have the time to read “Network Programming in the .NET Framework.”) This StackOverflow.com question is based on a failed attempt to write an integration test using code from “Cross-origin resource sharing in ASP.NET Web Api.” This failure leaves me with new assertions:
- .NET Security should prevent spoofing/mocking requests: the
Originheader has to match a live server actually at the origin.
- You should be able to use
OPTIONShttp requests to obtain response headers that provide information—like CORS information.