There is already nice article about Using Fiddler to force a web service to support CORS for debugging
. However, it was written in 2013 and I am going here to little bit update the code for Fiddler v4.5.1.0.
So, you need to add:
public static RulesOption("Force CORS")
BindPref("fiddlerscript.rules.m_ForceCORS")
var m_ForceCORS: boolean = false;
just at the beginning of class Handlers
.
In function static function OnBeforeResponse(oSession: Session) {
add:
if (m_ForceCORS && (oSession.oRequest.headers.HTTPMethod == "OPTIONS" || oSession.oRequest.headers.Exists("Origin")))
{
if(!oSession.oResponse.headers.Exists("Access-Control-Allow-Origin"))
{
oSession.oResponse.headers.Add("Access-Control-Allow-Origin", "*");
}
if(!oSession.oResponse.headers.Exists("Access-Control-Allow-Methods"))
{
oSession.oResponse.headers.Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
}
if (oSession.oRequest.headers.Exists("Access-Control-Request-Headers"))
{
if (!oSession.oResponse.headers.Exists("Access-Control-Allow-Headers"))
oSession.oResponse.headers.Add(
"Access-Control-Allow-Headers"
, oSession.oRequest.headers["Access-Control-Request-Headers"]
);
}
if (!oSession.oResponse.headers.Exists("Access-Control-Max-Age"))
{
oSession.oResponse.headers.Add("Access-Control-Max-Age", "1728000");
}
if (!oSession.oResponse.headers.Exists("Access-Control-Allow-Credentials"))
{
oSession.oResponse.headers.Add("Access-Control-Allow-Credentials", "true");
}
oSession.responseCode = 200;
}
After that save changes and you should see Force CORS option in the Fiddler menu.
Leave a Reply