🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

CORS Tester

by @johnnywang2001

Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS e...

Versionv1.0.0
Downloads637
TERMINAL
clawhub install cors-tester

πŸ“– About This Skill


name: cors-tester description: Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS errors, testing preflight OPTIONS requests, verifying allowed origins/methods/headers, or auditing CORS security posture. Also use when generating CORS configurations for Apache, Nginx, Express, or other frameworks.

cors-tester

Test, debug, and generate CORS configurations from the command line.

Quick Start

# Test CORS headers on a URL
python3 scripts/cors_tester.py test https://api.example.com/data --origin https://myapp.com

Test preflight (OPTIONS) request

python3 scripts/cors_tester.py preflight https://api.example.com/data --origin https://myapp.com --method POST --header "Content-Type"

Generate CORS config for a framework

python3 scripts/cors_tester.py config --framework nginx --origins "https://myapp.com,https://staging.myapp.com" --methods "GET,POST,PUT,DELETE"

Audit CORS security

python3 scripts/cors_tester.py audit https://api.example.com/data

Commands

test

Send a request with an Origin header and inspect the CORS response headers.

python3 scripts/cors_tester.py test  --origin  [--method GET]

Options:

  • --origin β€” Origin to test (required)
  • --method β€” HTTP method (default: GET)
  • --verbose β€” Show all response headers
  • Output shows:

  • Access-Control-Allow-Origin β€” Whether the origin is allowed
  • Access-Control-Allow-Credentials β€” Whether credentials are supported
  • Access-Control-Expose-Headers β€” Which headers are exposed
  • preflight

    Send an OPTIONS preflight request to test if a cross-origin request would be allowed.

    python3 scripts/cors_tester.py preflight  --origin  [--method POST] [--header Content-Type]
    

    Options:

  • --origin β€” Origin to test (required)
  • --method β€” Method to request (default: POST)
  • --header β€” Custom header to request (repeatable)
  • Output shows:

  • Access-Control-Allow-Methods β€” Allowed methods
  • Access-Control-Allow-Headers β€” Allowed headers
  • Access-Control-Max-Age β€” Preflight cache duration
  • audit

    Check a URL for common CORS misconfigurations and security issues.

    python3 scripts/cors_tester.py audit 
    

    Checks for:

  • Wildcard origin (*) with credentials
  • Origin reflection (server echoes any origin back)
  • Missing Vary: Origin header
  • Overly permissive allowed methods
  • Missing preflight cache (Access-Control-Max-Age)
  • config

    Generate CORS configuration snippets for common frameworks.

    python3 scripts/cors_tester.py config --framework  --origins  [--methods ] [--headers ] [--credentials]
    

    Options:

  • --framework β€” Target: nginx, apache, express, flask, fastapi, rails
  • --origins β€” Comma-separated allowed origins
  • --methods β€” Comma-separated methods (default: GET,POST,OPTIONS)
  • --headers β€” Comma-separated allowed headers (default: Content-Type,Authorization)
  • --credentials β€” Allow credentials
  • --max-age β€” Preflight cache (default: 86400)
  • πŸ’‘ Examples

    # Test CORS headers on a URL
    python3 scripts/cors_tester.py test https://api.example.com/data --origin https://myapp.com

    Test preflight (OPTIONS) request

    python3 scripts/cors_tester.py preflight https://api.example.com/data --origin https://myapp.com --method POST --header "Content-Type"

    Generate CORS config for a framework

    python3 scripts/cors_tester.py config --framework nginx --origins "https://myapp.com,https://staging.myapp.com" --methods "GET,POST,PUT,DELETE"

    Audit CORS security

    python3 scripts/cors_tester.py audit https://api.example.com/data