https://kotlinlang.org logo
#ktor
Title
# ktor
j

John O'Reilly

11/03/2020, 8:12 AM
I have Ktor server with following CORS feature installed....works for "normal" requests but not for some reason for digest auth based login request
Copy code
install(CORS) {
    anyHost()
    header("Authorization")
}
anyone aware of any other config needed to support that?
following are response headers I'm getting back
Copy code
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
WWW-Authenticate: Digest realm="*****", nonce="*****", algorithm="MD5"
Content-Length: 0
Connection: keep-alive
and this is the request
Copy code
POST /api/v1/login HTTP/1.1
Host: 192.168.1.241:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: <http://localhost:3000/login>
Origin: <http://localhost:3000>
Connection: keep-alive
Content-Length: 0
fwiw am using following library to make request https://github.com/wizebin/react-native-digest-fetch (from a react app running in browser)
j

Joost Klitsie

11/03/2020, 9:36 AM
Are you sure it is because of the CORS? Could it be your login path is within some authentication instead of free to access?
Copy code
routing {
    authenticate("") {
        get("/whatever") {
        }
    }
    post("login") {
    }
}
j

John O'Reilly

11/03/2020, 9:37 AM
I have setup that requires that the login path is authenticated
a

aleksey.tomin

11/03/2020, 10:42 AM
Has the browser sent OPT request?
j

John O'Reilly

11/03/2020, 11:25 AM
Don't think so.....but just to note that other requests are working (for example ones where I provide, as test, token with the request)
seems to be something to do with "handshake" that digest authentication involves
13 Views