Am having cors issues but i don't know how to reso...
# ktord
david dereba
10/09/2024, 1:03 PMAm having cors issues but i don't know how to resolve it, kindly assist.
Copy code
fun Application.configureHTTP() {
install(CORS) {
HttpMethod.DefaultMethods.forEach { allowMethod(it) }
allowHeaders { true }
anyHost() // @TODO: Don't do this in production if possible. Try to limit it.
}
}
fun main(args: Array<String>) {
EngineMain.main(args)
}
fun Application.module() {
configureSerialization()
configureDatabases()
configureHTTP()
configureSecurity()
configureRouting()
DatabaseFactory.init(this)
configureKoin()
testRoutesImplementation()
rolesRoutesImplementation()
usersRoutesImplementation()
userRolesRoutesImplementation()
authenticationImplementation()
locationsRoutesImplementation()
productCategoriesRoutesImplementation()
productsRoutesImplementation()
farmersRoutesImplementation()
aggregatorRoutesImplementation()
aggregatorFarmersRoutesImplementation()
aggregatorProductRoutesImplementation()
storeRoutesImplementation()
summariesRoutesImplementation()
}a
Aleksei Tirman [JB]
10/09/2024, 1:11 PMCan you describe the problem?
d
david dereba
10/09/2024, 1:14 PMOK.
The frontend is being blocked by CORS policy. actually the error is, no Acceess-Control-Allow-Origin Header is present on the requested resource
a
Aleksei Tirman [JB]
10/09/2024, 1:16 PMCan you share the server logs for the blocked request?
d
david dereba
10/09/2024, 1:22 PMAccess to XMLHttpRequest at 'http://109.123.254.230:8084/api/auth/v1/login' from origin 'http://localhost:5173' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
a
Abdulrahman Al Sabagh (Abudi)
10/09/2024, 1:28 PMYOu need allowCredentials = true I guess
d
david dereba
10/09/2024, 1:30 PM@Abdulrahman Al Sabagh (Abudi) Thanks man, Let me try it. I hope it works
a
Aleksei Tirman [JB]
10/09/2024, 1:30 PMIf I make the following request, the server responds with 200 status code and the
Access-Control-Allow-Origin Copy code
curl --request OPTIONS \
--url <http://109.123.254.230:8084/api/auth/v1/login> \
--header 'Access-Control-Request-Method: POST' \
--header 'Origin: <http://localhost:5173>'a
Abdulrahman Al Sabagh (Abudi)
10/09/2024, 1:31 PM Copy code
allowHeader(HttpHeaders.AccessControlAllowOrigin)a
Aleksei Tirman [JB]
10/09/2024, 1:32 PMCan you share the headers of the OPTIONS request which is made by the web browser?
d
david dereba
10/09/2024, 1:39 PM@Aleksei Tirman [JB], it is interesting because also when I access the request via postman it responds with 200 status.
these are the headers
Access to XMLHttpRequest at 'http://109.123.254.230:8084/api/auth/v1/login' from origin 'http://localhost:5173' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
request headers accept:
application/json, text/plain, /
accept-encoding:
gzip, deflate
accept-language:
en-GB,en
connection:
keep-alive
content-length:
51
content-type:
application/json
host:
109.123.254.230:8084
origin:
http://localhost:5173
referer:
http://localhost:5173/
sec-gpc:
1
user-agent:
Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Mobile Safari/537.36
response headers
2 requests
0 B transferred
0 B resources
HTTP/1.1 403 Forbidden
Content-Length: 0
Connection: keep-alive
r
Renan Kummer
10/09/2024, 1:59 PMThe Ktor docs (https://ktor.io/docs/server-cors.html) on CORS are very good, I suggest reading them to make sure you're setting it up as you'd like.
Copy code
allowNonSimpleContentTypes = true
allowCredentials = true
allowHeader(HttpHeaders.ContentType)
allowHeader(HttpHeaders.Authorization)a
Aleksei Tirman [JB]
10/09/2024, 1:59 PMMost likely, the problem is that the web browser doesn't send the
Access-Control-Request-MethodAleksei Tirman [JB]
10/09/2024, 2:02 PM> these are the headers
The request you shared seems to be the original one. Can you share the preflight request?
d
david dereba
10/09/2024, 2:08 PM@Renan Kummer Let me check it out. Thank you
david dereba
10/09/2024, 2:29 PMThank you so much guys, it has finally worked after doing this.
@Aleksei Tirman [JB], @Abdulrahman Al Sabagh (Abudi) and @Renan Kummer I really do appreciate.
Copy code
fun Application.configureHTTP() {
install(CORS) {
HttpMethod.DefaultMethods.forEach { allowMethod(it) }
allowHeaders { true }
allowHeader(HttpHeaders.AccessControlAllowOrigin)
allowCredentials = true
allowNonSimpleContentTypes = true
allowHeader(HttpHeaders.ContentType)
allowHeader(HttpHeaders.Authorization)
anyHost() // @TODO: Don't do this in production if possible. Try to limit it.
}
}a
Abdulrahman Al Sabagh (Abudi)
10/09/2024, 2:32 PMI actually stumbled upon the same issue 1-2 weeks ago
The solution was something like this
Copy code
allowMethod(HttpMethod.Put)
allowMethod(HttpMethod.Patch)
allowMethod(HttpMethod.Delete)
allowMethod(HttpMethod.Options)
allowMethod(HttpMethod.Get)
allowHeader(HttpHeaders.Authorization)
allowHeader(HttpHeaders.AccessControlAllowOrigin)
allowHeader(HttpHeaders.ContentType)
allowHeader(HttpHeaders.Authorization)
allowCredentials = true
allowSameOrigin = true
anyHost()Abdulrahman Al Sabagh (Abudi)
10/09/2024, 2:35 PMso the exact one to yours..
I didn't send it immediately , because I thought there may be a better solution
d
david dereba
10/09/2024, 7:45 PM@Abdulrahman Al Sabagh (Abudi) Yeah , they are actually the same.
😀 I wish you would have sent the solution earlier, I didn't enjoy that bug at all. But thanks man
3 Views