3

I'm looking for ways to inspect failed CORS requests to HTTPS endpoint in google Chrome. It would seem that when requests fail, they do not show up in the developer tools networking tab. Instead I only see error messages in the console as follows.

XMLHttpRequest cannot load https://someOtherDomain.com:8443/some/path. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.mysite.com' is therefore not allowed access.

I'm fully aware of what this error message is telling me, however I'm trying to deduce wether or not there is something interfering with the response in between the client an server.

Ryan Pfeffer
  • 855
  • 9
  • 18
  • i see failed cors requests in red on my chrome's network tab... – dandavis Jul 24 '14 at 19:17
  • Sadly, it seems that not all CORS request failures are handled in the same way on Chrome. Too bad, as it would made this problem easier to diagnose indeed. – Ryan Pfeffer Jul 26 '14 at 19:06
  • Agreed. Sometimes 3rd party servers don't set the headers properly and we need to see the response in order to provide a useful bug report. I see the CORS requests in the inspector in red as well, but without the response information filled in (no headers, no preview). It looks like the devtools JS is just as restricted by browser policy as regular JS (which is probably a good thing). The best way I've found is to right-click, `Copy, as Curl`, paste into a terminal (adding the `-v` option), and re-executing the request there. – Raman Sep 03 '19 at 12:13

1 Answers1

0

however I'm trying to deduce whether or not there is something interfering with the response in between the client an server.

So you want to take a look what headers etc were sent even though the server is not sending the required Access-Control-Allow-Origin header along with the response?

With Google Chrome, you can turn off some security features by launching it with the flag --disable-web-security, opening the browser up like this this will let you debug what you're asking about, but it won't prevent that error message for other people, you'd still need to fix it

With your browser in this mode, you'll now be able to see the requests without the error being thrown, so be able to inspect them as normal

An example of how you might open the browser like this from the cmd on a Windows 7 (x64) machine

start "" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "--disable-web-security"

For more, see here

Don't run Chrome like this for normal web browsing

Community
  • 1
  • 1
Paul S.
  • 58,277
  • 8
  • 106
  • 120