https://kotlinlang.org logo
#ktor
Title
# ktor
g

gregorbg

03/18/2020, 4:14 PM
Having a problem with cross-site POST requests. I installed the
CORS
feature as per https://ktor.io/servers/features/cors.html and everything works for
GET
. However with
POST
it seems that Chrome (version 80.0.3987.106) does not send the
Origin
header, so the ktor intercept function does not reply with the
Access-Control-Allow-Origin
header as it should. If I enforce the response header through the
DefaultHeaders
feature,
POST
works but then for
GET
Chrome complains because it does send the
Origin
header there and so with
CORS
+
DefaultHeaders
feature the response header is being set twice (and Chrome doesn't like that...). Any clue how I can work around this issue without waiting for Google to fix their stuff? EDIT: Not only does Chrome not send
Origin
headers when `POST`ing by default, it also explicitly removes them when I instruct my frontend (JavaScript
fetch
) to send an
Origin
header along with the request.
I'll also be happy to report this as an issue, I'm just not sure whether Chrome or ktor is to blame here.
g

gotoOla

03/18/2020, 10:32 PM
@gregorbg how did you install CORS?
Copy code
install(CORS) {
                header(HttpHeaders.Authorization)
                methods.addAll(listOf(HttpMethod.Get, <http://HttpMethod.Post|HttpMethod.Post>, HttpMethod.Put, HttpMethod.Delete, HttpMethod.Options))
                host("<http://specific-domain.net:3000|specific-domain.net:3000>", subDomains = listOf("localhost"))
                host("<http://specific-domain.com:3000|specific-domain.com:3000>", subDomains = listOf("localhost"))
}
did you add those methods?
this was an examplke from an app we have where we do posts with CORS activated
4 Views