I have Ktor server with following CORS feature installed wor kotlinlang #ktor

John O'Reilly

11/03/2020, 8:12 AM

I have Ktor server with following CORS feature installed....works for "normal" requests but not for some reason for digest auth based login request

install(CORS) {
    anyHost()
    header("Authorization")
}

anyone aware of any other config needed to support that?

following are response headers I'm getting back

HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
WWW-Authenticate: Digest realm="*****", nonce="*****", algorithm="MD5"
Content-Length: 0
Connection: keep-alive

and this is the request

POST /api/v1/login HTTP/1.1
Host: 192.168.1.241:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: <http://localhost:3000/login>
Origin: <http://localhost:3000>
Connection: keep-alive
Content-Length: 0

fwiw am using following library to make request https://github.com/wizebin/react-native-digest-fetch (from a react app running in browser)

Joost Klitsie

11/03/2020, 9:36 AM

Are you sure it is because of the CORS? Could it be your login path is within some authentication instead of free to access?

routing {
    authenticate("") {
        get("/whatever") {
        }
    }
    post("login") {
    }
}

John O'Reilly

11/03/2020, 9:37 AM

I have setup that requires that the login path is authenticated

aleksey.tomin

11/03/2020, 10:42 AM

Has the browser sent OPT request?

John O'Reilly

11/03/2020, 11:25 AM

Don't think so.....but just to note that other requests are working (for example ones where I provide, as test, token with the request)

seems to be something to do with "handshake" that digest authentication involves