Hello, Hope you are all okay. If you can please take some time and help me figure out what I am doing wrong. So, I have this

install(CORS) {
    method(HttpMethod.Options)
    method(HttpMethod.Patch)
    method(HttpMethod.Delete)
    header(HttpHeaders.XForwardedProto)
    anyHost()
    header(AccessControlAllowOrigin)
    header(AccessControlAllowMethods)
    header(AccessControlAllowCredentials)
    header(AccessControlAllowHeaders)
    header(AccessControlRequestMethod)
    header(AccessControlRequestHeaders)
    header(AccessControlExposeHeaders)
    header(AccessControlMaxAge)

    allowCredentials = true
    maxAgeInSeconds = 1000
    allowNonSimpleContentTypes = true
}

But I still get this, when I run on the browser. What am I doing wrong? All I need is this request to work

Access to fetch at '<http://192.168.43.218:9010/v1/authorization/user-roles/all>' from origin '<http://localhost:8080>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Currently on: ktor 1.4.3 Kotlin: 1.4.21

Should you add method(HttpMethod.Get)?

I am actually trying to do a post. But I thought

Get

and

Post

where added by default

header(HttpHeaders.Authorization)

This one is important too

dang it. That's what I was missing. Thanks much @Jose A.

On production anyHost() is not usually a good idea, (because you're disabling cors) check if it's the right thing in your case.

Yes. I need it. As this is a public rest api. Client apps will connect from different hosts with an authorization token in the header

If it's a public api then I think it's ok!