robin
06/20/2022, 10:51 AMoptions("{...}") { }
But that feels like a hack, and I'm not even sure it doesn't produce unwanted side effects, even though CORS seems to work correctly with it. Isn't there a way to let CORS handle preflight requests fully automatically without having to add this?Aleksei Tirman [JB]
06/20/2022, 12:12 PMrobin
06/20/2022, 7:36 PMfun main() {
embeddedServer(Netty, port = 8080) {
install(CallLogging)
routing {
install(CORS) {
anyHost()
allowMethod(HttpMethod.Put)
}
// options("{...}") { }
put("test") {
call.respond("Hello World")
}
}
}.start(true)
}
And then try to run this request against it:
OPTIONS <http://localhost:8080/test>
Access-Control-Request-Method: PUT
Origin: <https://example.com>
With ktor 2.0.2, this gives me a 405, where I would have expected it to give me a 200. If you remove the allowMethod
call, I would instead expect a 403, but again, 405. If you uncomment the options
handler, then it works fine.
In creating this reproduction snippet I now noticed that installing the CORS feature globally, instead of inside the routing, it works properly even without the additional options
handler. However, in our production app that's not a solution for us because we do need different CORS handling depending on the route and installing CORS both globally as well as into a specific route throws an error on startup that this is not a supported use case.Aleksei Tirman [JB]
06/21/2022, 9:00 AMrobin
06/21/2022, 9:12 AMAleksei Tirman [JB]
06/21/2022, 9:18 AMCORS
plugin into an application instead of a routing to solve your problem.CallLogging
robin
06/21/2022, 9:19 AMoptions
handler works well enough for us for now though until this is fixed, we'll keep a close eye on if something doesn't work right with that.