Configure CORS settings

Cross-Origin Resource Sharing (CORS) allows a server to indicate trusted origins that your browser is allowed to load resources from. For example, CORS checks for allowed domains, schemes, or ports. To ensure security, browsers make a "preflight" request to the server hosting the cross-origin resource, in order to verify that the server permits the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that the actual request will use.

We use the cors property in the qtest.config file to validate the origin of incoming upgrade requests when clients want to establish a new connection with the websocket. To ensure your connections are secure, make sure you add trusted domains.

To add trusted domains, follow these steps:

1. In the qtest.config file, go to the cors setting. You'll find this under the security section in application configurations.

2. Enter your trusted domains inside the quotation marks. For example:

   cors = ".qtestnet.com, .qasymphony.com, .qtestdev.com, .qas-labs.com"

3. To apply your changes, restart the application with the following command:

   # Being INSTALL_BASE=/opt then
   cd $INSTALL_BASE/qtestctl
   ./qtestctl stop
   ./qtestctl start

   If you are using qTest as a service, use the following command to restart the application:

   # Being INSTALL_BASE=/opt then
   cd $INSTALL_BASE/qtestctl
   ./uninstall
   ./install