I am building a simple REST API using ktor and used cors but when i send a simple get request with no headers data the server works fine but if i want the client to have say key:1 the server doesn`t respond me correctly, it says the problem is
JavaScript
x
2
1
Failed to load http://127.0.0.1:8080/test: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.2
so here is my ktor code
JavaScript
1
28
28
1
install(ContentNegotiation) {2
gson {3
}4
}5
install(ForwardedHeaderSupport)6
install(DefaultHeaders)7
install(CORS)8
{9
method(HttpMethod.Options)10
method(HttpMethod.Get)11
method(HttpMethod.Post)12
method(HttpMethod.Put)13
method(HttpMethod.Delete)14
method(HttpMethod.Patch)15
header(HttpHeaders.AccessControlAllowHeaders)16
header(HttpHeaders.ContentType)17
header(HttpHeaders.AccessControlAllowOrigin)18
allowCredentials = true19
anyHost()20
maxAge = Duration.ofDays(1)21
}22
23
get("test"){24
val a = call.request.headers["key"]25
println(a)26
call.respond(Product(name = a))27
}28
and my javascript code looks like this….
JavaScript
1
9
1
fetch('http://shop-ix.uz:8080/test', {2
headers: {3
"key": "1" 4
})5
.then(response => response.json())6
.then(json => { 7
console.log(json);8
})9
please help me
Advertisement
Answer
You need to whitelist your headers like this:
JavaScript
1
4
1
install(CORS) {2
header("key")3
}4
This needs to be done with every custom HTTP header you intend to use.