Having a problem with cross-site POST requests. I installed the

CORS

feature as per https://ktor.io/servers/features/cors.html and everything works for

GET

. However with

POST

it seems that Chrome (version 80.0.3987.106) does not send the

Origin

header, so the ktor intercept function does not reply with the

Access-Control-Allow-Origin

header as it should. If I enforce the response header through the

DefaultHeaders

feature,

POST

works but then for

GET

Chrome complains because it does send the

Origin

header there and so with

CORS

+

DefaultHeaders

feature the response header is being set twice (and Chrome doesn't like that...). Any clue how I can work around this issue without waiting for Google to fix their stuff? EDIT: Not only does Chrome not send

Origin

headers when `POST`ing by default, it also explicitly removes them when I instruct my frontend (JavaScript

fetch

) to send an

Origin

header along with the request.

@gregorbg how did you install CORS?

install(CORS) {
                header(HttpHeaders.Authorization)
                methods.addAll(listOf(HttpMethod.Get, <http://HttpMethod.Post|HttpMethod.Post>, HttpMethod.Put, HttpMethod.Delete, HttpMethod.Options))
                host("<http://specific-domain.net:3000|specific-domain.net:3000>", subDomains = listOf("localhost"))
                host("<http://specific-domain.com:3000|specific-domain.com:3000>", subDomains = listOf("localhost"))
}

did you add those methods?