CORS Testing in Postman

Normally, when we use Postman to test an API, we won’t see CORS issues occurring. This is because Postman is not a browser, so it isn’t limited by the CORS policy.

However, there’s a handy way to test CORS in Postman. Let’s see how to make it work.

1. Create a new Request

2. In the “Headers” section, Add an “Origin” header

   

3. Click the “Send” button to send the request

   Now, whenever the server is properly configured for CORS to allow requests from other origins, the response status code is always 200. To confirm if the cross-origin is successful, you need to check the response headers.

   • If the cross-origin request fails, the response headers will not contain any info relates to cross-origin

   

   • For successful cross-origin requests, the response will contain headers related to cross-origin