CORS exchange analyzer

[pimterry]

A CORS exchange analyser would be brilliant, one that explains more clearly than Edge does exactly what is wrong and what needs to change for the request to work

In addition to Will It CORS, and this could plausibly integrate with that in some way too?

Should be possible to spot normal & preflight requests, and show an extra CORS card which includes metadata explaining what happened, why, and (where relevant) how you might want to change it (similar to the performance card caching info).

What are the notable cases that mean you've probably made a mistake?

• Normal successful responses that don't match the incoming CORS headers: either the API shouldn't send the data at all, or the client should be trying to use an API that doesn't support CORS
• Successful preflight response that don't match the incoming CORS headers: ditto
• Invalid combinations, e.g. Access-Control-Allow-Headers: * when an Authorization header was requested.

---

Does this affect you too? Click below and add a :+1: to vote for this and help decide where HTTP Toolkit goes next, or go vote on the other most popular ideas so far.

[jsoref]

Will It CORS is why we tried httptoolkit.

The case we have is a preflight request that resulted in the actual request never being sent (HTTP 0 Error).