Hi all, I am using Ktor client to Ktor server. I am...
# ktor
f
Hi all, I am using Ktor client to Ktor server. I am using cookies. And without CORS, it works fine
```kotlin
install(Sessions) {
    cookie<RegularUserSession>("regular_user_session", SessionStorageMemory())
    cookie<GoogleUserSession>("google_user_session", SessionStorageMemory())
}
```
```kotlin
install(CORS) {
    allowHeader("regular_user_session")
    exposeHeader("regular_user_session")
    allowHeader("google_user_session")
    exposeHeader("google_user_session")
    allowMethod(HttpMethod.Options)
    allowMethod(HttpMethod.Put)
    allowMethod(HttpMethod.Delete)
    allowMethod(HttpMethod.Patch)
    allowHeader(HttpHeaders.Authorization)
    allowHeader(HttpHeaders.AccessControlAllowOrigin)
    allowNonSimpleContentTypes = true
    allowSameOrigin = true
    anyHost()
}
```
tried allowHeader only or exposeHeader only or both
```kotlin
HttpClient(engineFactory) {
    install(HttpCookies)
}
```
On same host client:
1. Connection: keep-alive
2. Content-Encoding: deflate
3. Content-Type: application/json
4. Set-Cookie: regular_user_session=75f7618f14d56eaa81f04b0564146e4d; Max-Age=604800; Expires=Mon, 29 Aug 2022 11:10:24 GMT; Path=/; HttpOnly; $x-enc=URI_ENCODING
5. transfer-encoding: chunked

On CORS client:
1. Access-Control-Allow-Origin: *
2. Access-Control-Expose-Headers: google_user_session, regular_user_session
3. Connection: keep-alive
4. Content-Encoding: deflate
5. Content-Type: application/json
6. Set-Cookie: regular_user_session=a848eb176774abd4ded030892bc5615f; Max-Age=604800; Expires=Mon, 29 Aug 2022 11:09:31 GMT; Path=/; HttpOnly; $x-enc=URI_ENCODING
7. transfer-encoding: chunked

But it still doesn't work on CORS client. I don't know why
a
Could you please tell me what exactly doesn’t work?
a
what error(s) are you getting when you do this?
f
I am not getting an error. Just session on server doesn't work
a
so when you perform requests across CORS, the server doesn’t see any cookie alongside the request?
a
Do you know the exact problem? Doesn’t server receive some headers?
a
i.e. the cookie that you got with Set-Cookie is not sent back?
f
yes. it is not sent back
but only in cors
a
yeah, debugging this sort of thing can be a bit tricky… if you inspect the request in the browser (I’m assuming this is on a browser?) do you see the cookie being sent to the server?
f
Yes, exactly
Dev server is localhost:8000 webpack is localhost:3000
a
that’s interesting 🤔 I would assume Ktor doesn’t care about CORS or configs or whatever, if the request has a `Cookie` header, you should be able to access the cookie
f
I thought so as well, that's why I am struggling, it doesn't make sense
a
what’s the full contents of the `Cookie` header in the request, and how do you access it in code?
f
In working case it is regular_user_session=136a98dd1a45358566507c283390e808 in CORS case it is missing.
```kotlin
val newSession = userController.getRegisteredUser(email, password)
call.sessions.set(newSession)
```
setting just session data with token and some id
```kotlin
sessions.get<UserSession.RegularUserSession>()
```
I think, there is a problem with cookie store on client site. Client is storing under domain "localhost:3000", so when requesting localhost:8000, it won't use
a
can you see the cookie if you look in the raw headers, i.e. `call.request.cookies`?
ah, so if I understand you correctly, in the CORS case, the `Cookie` header is not set by the browser?
f
I think, it is set, but under domain, where I am accessing ktor client,
I am calling from localhost:3000 url on localhost:8000
a
so if I understand your setup correctly, your browser has localhost:3000 open. And in the devtools console, you can inspect the requests made to localhost:8000, your ktor server. And these requests contain the `Cookie` header?
f
Yes and no, the Cookie header is missing
a
ah. ok. That explains why it’s not visible for Ktor, at least 🙂 So hopefully it’s not a Ktor issue, but some header or something is missing that causes the cookie to not be set
I remember debugging this once. I don’t remember the specifics. But I remember that it was either firefox or chrome that printed a useful error message in the console when I tried to set a cookie that the browser didn’t accept
btw, I don’t believe `Access-Control-Expose-Headers: google_user_session, regular_user_session` has any effect - the header being used here is `Cookie`
have you remembered to include credentials when you make the actual request, btw? I’m not sure how you access localhost:8000 from localhost:3000, but if you use `fetch`, you have to specify `credentials: "include"`
f
But I think browser wrote it to localhost:3000 instead of localhost:8000. When I am accessing some script from localhost:3000, cookie is there
```kotlin
val response = client.get("${serverUrl}/api/user/identity") {
    Napier.d { "checkIdentity" }
}
```
I will try different approach
```kotlin
client.get {
    url {
        protocol = URLProtocol.HTTPS
        host = "ktor.io"
        path("docs/welcome.html")
    }
}
```
I have to probably set
```kotlin
cookie.secure = true
cookie.extensions["SameSite"] = "None"
```
and enable self signed SSL
devServerProxy should be used for this case
```kotlin
devServer = devServer?.copy(
    open = false,
    port = 3000,
    proxy = mutableMapOf(
        "/api/user/identity" to mutableMapOf(
            "changeOrigin" to true,
            "cookieDomainRewrite" to "localhost",
            "target" to serverUrl,
        ),
        "/api/user/login" to mutableMapOf(
            "changeOrigin" to true,
            "cookieDomainRewrite" to "localhost",
            "target" to serverUrl,
        ),
        "/api/user/register" to mutableMapOf(
            "changeOrigin" to true,
            "cookieDomainRewrite" to "localhost",
            "target" to serverUrl,
        )
    )
)
```