I'm creating a full-stack application with backend being developed in Ktor (Kotlin) and frontend in React (TypeScript). The backend is being hosted on Heroku, while the frontend is still under development, therefore I'm running it locally.
The API is operational and works as intended when tested with Postman. This is an excrept of the Ktor's configuration:
@Suppress("unused")
@kotlin.jvm.JvmOverloads
fun Application.module(testing: Boolean = false) {
install(CORS) {
anyHost()
}
install(StatusPages) {
// Status pages configuration
}
install(ContentNegotiation) {
jackson {
enable(SerializationFeature.INDENT_OUTPUT)
disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
disable(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES)
}
}
routing {
// Declaration of routes
}
}
I've enabled CORS, allowing every host to access the resources.
In React application, I'm using axios
as my HTTP library. This is a sample of how a request to the server looks like:
interface LoginModel {
email: string;
password: string;
}
interface TokenAuthModel {
successful: boolean;
access_token: string;
}
import * as axios from 'axios';
const requestConfig = {
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
timeout: 15000
};
async login(login: LoginModel): Promise<TokenAuthModel | null> {
const req = await axios.default.post('some-url', login, requestConfig);
if (request.status === 200) {
return request.data as TokenAuthModel;
}
return null;
}
which returns the following error message:
Access to XMLHttpRequest at 'https://app-name.herokuapp.com/some/endpoint' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
As stated above, the error is only present when making a request from the React frontend, while Postman calls work as intended.
Any sort of help would be extremely appreciated.