Apache JMeter plugin for making CORS-preflight requests before HTTP requests to resources on other origins.
Similar to how a browser preflights cross-origin requests, e.g. REST API requests from single-page applications, this plugin creates a preflight request if necessary, without the need to explicitly add a Sampler for it to the JMeter Test Plan.
It also simulates a CORS-preflight cache to avoid unnecessary preflight requests, just as a browser would.
Simply add a CORS Pre-Processor to the scope of any samplers that should make preflight requests.
- Sample Suffix: String to append to the preflight request's sample label (default: "-preflight").
- Clear cache each iteration?: When set to "True" or "False" the preflight cache can be explicitly cleared or kept between Thread iterations. When left blank, it is only cleared when Thread Group property "Same user on each iteration" is not set.
- Default expiry (seconds): Cache expiry duration to apply when no "Access-Control-Max-Age" header is returned. This allows overriding the 5 seconds the specification defines.
Via PluginsManager
Under tab "Available Plugins", select "CORS Pre-Processor", then click "Apply Changes and Restart JMeter".
Via Package from JMeter-Plugins.org
Extract the zip package into JMeter's home directory, then restart JMeter.
- Copy the jmeter-cors-plugin jar file into JMeter's lib/ext directory.
- Restart JMeter.
- Minimum JMeter version 5.2.1
- Timers, Pre-Processors, Post-Processors, and Assertions are not executed for the preflight request, but only once for the actual HTTP sampler. The preflight request will be made by a clone of the actual sampler after the preceding Pre-Processors have run. Pre-processors appearing after the CORS Pre-Processor will be effective for the actual sampler only.
- CORS Pre-Processors are not "aware" of one another, so if a sampler's scope contains more than one, multiple preflight requests will be made.