CORS Support

MockServer and the proxy has support for CORS. By default CORS support is enabled for the REST API and disabled for all other requests (such as when expectations are matched).

When CORS support is enabled the following headers are added:

Access-Control-Allow-Origin: "*"
Access-Control-Allow-Methods: "CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE"
Access-Control-Allow-Headers: "Allow, Content-Encoding, Content-Length, Content-Type, ETag, Expires, Last-Modified, Location, Server, Vary"
Access-Control-Expose-Headers: "Allow, Content-Encoding, Content-Length, Content-Type, ETag, Expires, Last-Modified, Location, Server, Vary"
Access-Control-Max-Age: "300"
X-CORS: "MockServer CORS support enabled by default, to disable ConfigurationProperties.enableCORSForAPI(false) or -Dmockserver.disableCORS=false"

CORS support can be enabled for all enabled for all requests-responses by enabling the enableCORSForAllResponses property.

ConfigurationProperties.enableCORSForAllResponses(true)

java -DenableCORSForAllResponses=true -jar "~/Downloads/mockserver-netty-5.2.3-jar-with-dependencies.jar" -serverPort 1080 -proxyPort 1090

CORS support is enabled by default for the REST API. CORS support can be disabled the REST API by disabling the enableCORSForAPI property.

ConfigurationProperties.enableCORSForAPI(false)

java -DenableCORSForAPI=false -jar "~/Downloads/mockserver-netty-5.2.3-jar-with-dependencies.jar" -serverPort 1080 -proxyPort 1090