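To test CORS using curl, you can simulate both preflight (OPTIONS) and actual GET/POST requests by setting custom headers. curl does not enforce CORS itself; these commands only show the response headers that a browser would act on.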
✅ 1. Test Preflight (OPTIONS) Request
This simulates a browser preflight request:
curl -i -X OPTIONS https://x.x.com \
-H "Origin: https://example.com" \
-H "Access-Control-Request-Method: GET" \
-H "Access-Control-Request-Headers: Content-Type, Authorization"
✅ You should see response headers like:
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization
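Access-Control-Allow-Credentials: true
Note: browsers reject credentialed requests when Access-Control-Allow-Origin is the wildcard *. If the API really needs cookies or HTTP authentication cross-origin, the server must return the specific requesting origin instead (and send Vary: Origin).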
✅ 2. Test Actual GET Request with CORS
This simulates a CORS request from a browser-based client:
curl -i -X GET https://x.x.com \
-H "Origin: https://example.com"
You should see a successful HTTP 200 (or similar) with:
Access-Control-Allow-Origin: *
✅ 3. Test CORS Denial Case (For Comparison)
To validate that CORS is working as expected (not always open), try from an origin that should be blocked (if you configured a specific origin):
curl -i -X GET https://x.x.com \
-H "Origin: https://unauthorized.com"
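You should not see Access-Control-Allow-Origin in the response if the origin is restricted. (Some servers always return their one configured origin instead; the browser still denies the request as long as that value does not match the Origin you sent.)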
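The three checks above can be scripted. The following is an added example, not part of the original page: a shell function that reads raw response headers on stdin and reports how a browser would treat a given origin. The names hdr and cors_verdict, the verdict strings, and the sample headers are constructed for illustration.

```shell
# hdr NAME HEADERS: print the value of header NAME (lowercase) found in the
# raw header text HEADERS, matching the header name case-insensitively.
hdr() {
    printf '%s\n' "$2" | awk -v h="$1" '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == h) {
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)   # trim surrounding whitespace
            print v; exit
        }
    }'
}

# cors_verdict ORIGIN: read response headers on stdin and print a verdict for
# a cross-origin read from ORIGIN. Live use, with the page's placeholder URL:
#   curl -s -o /dev/null -D - -H "Origin: https://unauthorized.com" \
#        https://x.x.com | cors_verdict https://unauthorized.com
cors_verdict() {
    headers=$(tr -d '\r')                     # HTTP header lines end in CRLF
    acao=$(hdr access-control-allow-origin "$headers")
    acac=$(hdr access-control-allow-credentials "$headers")
    case "$acao" in
        "")   echo "blocked" ;;               # no ACAO header at all
        "*")  if [ "$acac" = "true" ]; then
                  echo "wildcard-with-credentials"   # browsers reject this pair
              else
                  echo "open-to-any-origin"
              fi ;;
        "$1") if [ "$acac" = "true" ]; then
                  echo "allowed-with-credentials"
              else
                  echo "allowed"
              fi ;;
        *)    echo "blocked" ;;               # ACAO names a different origin
    esac
}

# Constructed sample: the preflight response shown in step 1.
sample='HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true'
printf '%s\n' "$sample" | cors_verdict https://example.com
```

For the denial case, any verdict other than blocked for an origin you did not configure means the policy is wider than intended.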
🧪 Optional: Verbose Debugging
curl -i -v -X OPTIONS https://x.x.com \
-H "Origin: https://example.com" \
-H "Access-Control-Request-Method: GET"
The -v flag shows the SSL/TLS negotiation, the request headers curl sent, any redirect response, and the response headers line by line.