Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

config.enableCorsForAllOrigins() is not adding proper CORS headers

See original GitHub issue

Actual behavior (the bug) Http header “access-control-allow-origin:*” is not being added to responses

Expected behavior header should be present on all responses

To Reproduce

Javalin.create().apply {
            config.contextPath = "/"
            config.enableCorsForAllOrigins()
            config.enableDevLogging()
            get("/") { ctx -> ctx.html("test") }
        }.start(80)

Workaround I needed to use in order to get the CORS header in all requests is this:

Javalin.create().apply {
            config.contextPath = "/"
            config.enableCorsForAllOrigins()
            config.enableDevLogging()
            before { ctx ->
                ctx.header(Header.ACCESS_CONTROL_ALLOW_ORIGIN, "*")
            }
            get("/") { ctx -> ctx.html("test") }
        }.start(80)

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:10 (5 by maintainers)

github_iconTop GitHub Comments

2reactions
Nikita-Chernenkocommented, May 26, 2021

alright, the correct way to apply it was

    val app = Javalin.create { config ->
        config.contextPath = "/"
        config.enableDevLogging()
        config.enableCorsForAllOrigins()
    }.start(port)

now it works

1reaction
sfPlayer1commented, Jun 13, 2021

FYI the way this sneakily substitutes * with the Origin header value breaks external caches that weren’t configured for this behavior. A cached response from one origin may be sent to another requests with a different origin.

Read more comments on GitHub >

github_iconTop Results From Across the Web

config.enableCorsForAllOrigins() is not adding proper CORS ...
Actual behavior (the bug) Http header "access-control-allow-origin:*" is not being added to responses Expected behavior header should be ...
Read more >
Why doesn't adding CORS headers to an OPTIONS route ...
I found the easiest way is to use the node.js package cors. The simplest usage is: var cors = require('cors') var app =...
Read more >
CORS Enabled - W3C Wiki
Granting JavaScript clients basic access to your resources simply requires adding one HTTP Response Header, namely: Access-Control-Allow-Origin: ...
Read more >
Handling CORS | Socket.IO
Handling CORS. Configuration​. Since Socket.IO v3, you need to explicitly enable Cross-Origin Resource Sharing (CORS).
Read more >
javalin-io/general - Gitter
enableCorsForAllOrigins (); config.requestLogger((ctx, ms) -> { if (ctx.req.getAttribute("handled-as-static-file") == null) { // if the request is not for a ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Document using Gson mapper in Kotlin

Next page

binary output for regular web requests