I'm passing the Google rechapta token in the Header, and CORS is giving an error. has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. What do I need to enable in CORS?

your backend API needs to enable cors for your domain - this could mean allowing cors for localhost/domain in your backend - or adding some whitelist in the google console probably

Got it, CORS is configured this way.

install(CORS) {
        method(HttpMethod.Options)
        method(<http://HttpMethod.Post|HttpMethod.Post>)
        method(HttpMethod.Get)
        method(HttpMethod.Put)
        method(HttpMethod.Delete)
        method(HttpMethod.Head)
        header(HttpHeaders.AccessControlAllowHeaders)
        header(HttpHeaders.ContentType)
        header(HttpHeaders.AccessControlAllowOrigin)
        header(HttpHeaders.AccessControlAllowMethods)
        header(HttpHeaders.Authorization)
        allowCredentials = true
        allowNonSimpleContentTypes = true
        anyHost()
    }

you need to whitelist the headers you want to use `

header("g-recaptcha")

` https://stackoverflow.com/questions/54327270/access-control-allow-origin-issue-in-ktor-cors-header

Got it, I should have been paying more attention to it, I'm going to test it here! Thank you so