CORS-Header with Browser

Hello guys/gals.

I am experiencing an “CORS Missing Allow Origin” Error during my automated testing.
My “research” into that error yielded, that I would need some additional response-headers to the effect of:
“Access-Control-Allow-Credentials: true”
“Access-Control-Allow-Origin: *”

I am looking into a proxy solution to this problem, but It feels like there should be some Option in the “New Browser”/“New Context”-Method to resolve this issue.

Maybe I am missing some existing capabilities. Any help would be appreciated :slight_smile:

Kind Regards

I am pretty sure that the problem should be solvable on my side (rather than only from the third-party server side), because the HTTP(S)-Request are appropriatly handled when I manually execute them through a classic browser or Postman.

When I debug my test, open up the firefox-inspector and resend the http-requests, I receive the correct response. And my request suddenly also uses HTTPS instead of HTTP.
I am now -officially- confused…

I think you can use --disable-web-security for your case from New Browser args.

I don’t see this option in the documentation. I wil give a try tho. ^^

Do I apply this as a key-value pair for the “New Browser”-Keyword? Because your syntax looks like a CLI-Flag.

Okay. the flag you gave me is to be used in CLI on Playwright level. Any tipps on how to achieve that result from within a .robot-Script?

There is a “BypassCSP” Flag in the “Open Browser”-Keyword. And it is enabled by default.

So on one hand I found what I was looking for, on the other hand my problem persists x)