Hi :wave: confused by the cors plugin. I have the...
# ktor
r
Hi 👋 confused by the cors plugin. I have the following module
Copy code
fun Application.myApplicationModule() {
    install(CallLogging) {
        level = Level.TRACE
    }
    install(CORS) {
        allowHeader(HttpHeaders.ContentType)
        anyHost()
    }
    routing {
        route("/testing") {
            post {
                call.respond("hi")
            }
        }
    }
}
but, if I run
curl -i -X OPTIONS <http://localhost:8080>
I get a 404 not found. If I instead do
curl -i -X OPTIONS <http://localhost:8080/testing>
I get a 405. Based on the cors doc, it makes it sound like options should be autoconfigured, but they are not. Does anyone know what I am doing wrong?
t
CORS wouldn't make a difference here? CORS is to basically tell webbrowsers that you're cool with a request being made while the browser is on a page of a different domain
You have
/testing
registered as a
post
but curl will default to
get
change
post
to
get
and you should see a
hi
response
r
sorry should have included some more info. I'm only concerned with the headers that CORS should be injecting. This needs to be a post, because I am building out a graphql api with the intent of integrating w/ apollo studio https://studio.apollographql.com So ultimately, this is where the request will be coming from. And their diagnosis tool also confirms that something is not right with the cors config
Copy code
Diagnosing <http://localhost:8080/graphql>
âš   OPTIONS response is missing header 'access-control-allow-methods: POST'
(📫 Interested in previewing a local tunnel to bypass CORS requirements? Please let us know at <https://docs.google.com/forms/d/e/1FAIpQLScUCi3PdMerraiy6GpD-QiC_9KEKVHr4oDL5Vef5fIvzqqQWg/viewform> )
t
That is making an
OPTIONS
request which isn't supported by default
r
yea i had noticed that too, but adding option makes no difference
diagnosis tool gives same result
t
Yeah, you don't have a
/graphql
route registered, you don't have it handling an options request, and you aren't returning the headers
r
yea that's not the issue, sorry, I had modified my initial text to avoid being confusing. full code
Copy code
fun main() {
    embeddedServer(CIO, port = 8080, module = Application::myApplicationModule).start(wait = true)
}

fun Application.myApplicationModule() {
    install(CallLogging) {
        level = Level.TRACE
    }
    install(CORS) {
        allowHeader(HttpHeaders.ContentType)
        allowMethod(HttpMethod.Options)
        anyHost()
    }
    routing {
        route("/") {
            post {
                val models = getOgModels()
                val sdl = generateCustomObjectGraph(models).toString()
                val schema = parseSdl(sdl).validateAsSchema().value!!.toIntrospectionSchema().toJson()
                call.response.header("content-type", "application/json")
                call.respondText(schema)
            }
        }
    }
}
And the diagnosis tool
npx diagnose-endpoint@1.1.0 --endpoint=<http://localhost:8080>
i don't think this is a "this endpoint exists, this endpoint doesn't" issue
🆗 1
Ideally this all lives at root, I had just tried adding it at
/graphql
in case that was somehow interfering with the plugin
but... no luck 😞
a
You have to send the
Origin
and
Access-Control-Request-Method
headers to satisfy CORS:
Copy code
curl -i -H "Origin: <http://origin.com>" -H "Access-Control-Request-Method: POST" -X OPTIONS <http://127.0.0.1:8080/>