I have Ktor server with following CORS feature ins...
# ktorj
John O'Reilly
11/03/2020, 8:12 AMI have Ktor server with following CORS feature installed....works for "normal" requests but not for some reason for digest auth based login request
Copy code
install(CORS) {
anyHost()
header("Authorization")
}John O'Reilly
11/03/2020, 8:25 AMfollowing are response headers I'm getting back
Copy code
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
WWW-Authenticate: Digest realm="*****", nonce="*****", algorithm="MD5"
Content-Length: 0
Connection: keep-aliveJohn O'Reilly
11/03/2020, 8:27 AMand this is the request
Copy code
POST /api/v1/login HTTP/1.1
Host: 192.168.1.241:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: <http://localhost:3000/login>
Origin: <http://localhost:3000>
Connection: keep-alive
Content-Length: 0John O'Reilly
11/03/2020, 9:33 AMfwiw am using following library to make request https://github.com/wizebin/react-native-digest-fetch (from a react app running in browser)
j
Joost Klitsie
11/03/2020, 9:36 AMAre you sure it is because of the CORS? Could it be your login path is within some authentication instead of free to access?
Copy code
routing {
authenticate("") {
get("/whatever") {
}
}
post("login") {
}
}j
John O'Reilly
11/03/2020, 9:37 AMI have setup that requires that the login path is authenticated
a
aleksey.tomin
11/03/2020, 10:42 AMHas the browser sent OPT request?
j
John O'Reilly
11/03/2020, 11:25 AMDon't think so.....but just to note that other requests are working (for example ones where I provide, as test, token with the request)
John O'Reilly
11/03/2020, 11:25 AMseems to be something to do with "handshake" that digest authentication involves
13 Views