CORS Tester

Use this little website to test if a URL is setup correctly to work with CORS.

Shareable link: https://cors-test.codehappy.dev/?url=https%3A%2F%2Fsite-api.datocms.com%2Fediting-sessions%2F&origin=https%3A%2F%2Fsitename.admin.datocms.com%2F&method=get

Results

This URL will only work for specific domains.

What's that mean?

This url can only be loaded by pages that match https://sitename.admin.datocms.com/. If you're trying to load it from a different origin and it's not working, you'll need to change it so the access-control-allow-origin header is set to *.

Headers

These are the response headers received when making the request.


  access-control-allow-credentials: true
access-control-allow-headers: authorization, content-type, x-environment, x-organization, x-site-domain, x-api-version, user-agent, x-session-id, x-include-drafts, x-exclude-invalid, x-visual-editing, x-base-editing-url, x-cache-tags, x-datocms-trace
access-control-allow-methods: GET, POST, PUT, OPTIONS, DELETE
access-control-allow-origin: https://sitename.admin.datocms.com/
access-control-expose-headers: x-ratelimit-limit, x-ratelimit-remaining, x-ratelimit-reset, x-complexity, x-max-complexity, x-cache-tags
access-control-max-age: 1728000
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 90fc5c4ab338c93c-IAD
connection: keep-alive
content-type: application/json; charset=utf-8
date: Mon, 10 Feb 2025 13:14:10 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1739193248&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=Xa6dOep70qaRy0impFaYP59Jqbc8kLGBaGakXptnkIk%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1739193248&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=Xa6dOep70qaRy0impFaYP59Jqbc8kLGBaGakXptnkIk%3D
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
transfer-encoding: chunked
vary: Accept-Encoding
via: 1.1 vegur
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-queue-time: 1111ms
x-request-id: 33740281-3b73-4a65-b495-46f1d4cb4422
x-runtime: 0.301060
x-xss-protection: 0

CORS tester was built by @mscccc. The code is available on GitHub. Sponsored by HTML/CSS to Image.