Somehow this,

install(CORS) {
        method(HttpMethod.Options)
        method(HttpMethod.Patch)
        method(HttpMethod.Delete)
        headersOf(HttpHeaders.AccessControlAllowOrigin, "*")
        headersOf(
            HttpHeaders.AccessControlAllowMethods to listOf(
                HttpMethod.Get.value,
                HttpMethod.Post.value,
                HttpMethod.Put.value,
                HttpMethod.Patch.value,
                HttpMethod.Delete.value,
                HttpMethod.Head.value,
                HttpMethod.Options.value
            ),
            HttpHeaders.AccessControlAllowHeaders to listOf(
                HttpHeaders.Origin, HttpHeaders.ContentType, HttpHeaders.XAuthToken
            )
        )
        anyHost()
    }

Doens't help me when I am trying to fetch to my restful api with

ktor

. How do I allow Cross Origin Resource Sharing? I still get

Access to fetch at '<http://192.168.43.218:8080/v0.1.0/auth/users/exists>' from origin '<http://localhost:8088>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I have tested by disabling the web security. It works, but I don't wanna do that. Can someone please tell me how? Rest Api: ktor-server Client: ktor-client-js Browser: Chromium,Opera

what http method are you using? You have allowed options, patch and delete, but I suppose for fetching you are using something else?

When I make a normal fetch/post request. It works, its that preflight request that browsers send before sending the actual request. It fails