π¦ ClawHub
CORS Tester
by @johnnywang2001
Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS e...
TERMINAL
clawhub install cors-testerπ About This Skill
name: cors-tester description: Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS errors, testing preflight OPTIONS requests, verifying allowed origins/methods/headers, or auditing CORS security posture. Also use when generating CORS configurations for Apache, Nginx, Express, or other frameworks.
cors-tester
Test, debug, and generate CORS configurations from the command line.
Quick Start
# Test CORS headers on a URL
python3 scripts/cors_tester.py test https://api.example.com/data --origin https://myapp.comTest preflight (OPTIONS) request
python3 scripts/cors_tester.py preflight https://api.example.com/data --origin https://myapp.com --method POST --header "Content-Type"Generate CORS config for a framework
python3 scripts/cors_tester.py config --framework nginx --origins "https://myapp.com,https://staging.myapp.com" --methods "GET,POST,PUT,DELETE"Audit CORS security
python3 scripts/cors_tester.py audit https://api.example.com/data
Commands
test
Send a request with an Origin header and inspect the CORS response headers.python3 scripts/cors_tester.py test --origin [--method GET]
Options:
--origin β Origin to test (required)--method β HTTP method (default: GET)--verbose β Show all response headersOutput shows:
Access-Control-Allow-Origin β Whether the origin is allowedAccess-Control-Allow-Credentials β Whether credentials are supportedAccess-Control-Expose-Headers β Which headers are exposedpreflight
Send an OPTIONS preflight request to test if a cross-origin request would be allowed.python3 scripts/cors_tester.py preflight --origin [--method POST] [--header Content-Type]
Options:
--origin β Origin to test (required)--method β Method to request (default: POST)--header β Custom header to request (repeatable)Output shows:
Access-Control-Allow-Methods β Allowed methodsAccess-Control-Allow-Headers β Allowed headersAccess-Control-Max-Age β Preflight cache durationaudit
Check a URL for common CORS misconfigurations and security issues.python3 scripts/cors_tester.py audit
Checks for:
*) with credentialsVary: Origin headerAccess-Control-Max-Age)config
Generate CORS configuration snippets for common frameworks.python3 scripts/cors_tester.py config --framework --origins [--methods ] [--headers ] [--credentials]
Options:
--framework β Target: nginx, apache, express, flask, fastapi, rails--origins β Comma-separated allowed origins--methods β Comma-separated methods (default: GET,POST,OPTIONS)--headers β Comma-separated allowed headers (default: Content-Type,Authorization)--credentials β Allow credentials--max-age β Preflight cache (default: 86400)π‘ Examples
# Test CORS headers on a URL
python3 scripts/cors_tester.py test https://api.example.com/data --origin https://myapp.comTest preflight (OPTIONS) request
python3 scripts/cors_tester.py preflight https://api.example.com/data --origin https://myapp.com --method POST --header "Content-Type"Generate CORS config for a framework
python3 scripts/cors_tester.py config --framework nginx --origins "https://myapp.com,https://staging.myapp.com" --methods "GET,POST,PUT,DELETE"Audit CORS security
python3 scripts/cors_tester.py audit https://api.example.com/data