Ktor by default provides an interceptor for implementing proper support for Cross-Origin Resource Sharing (CORS).
First of all, install the CORS plugin (previously known as feature) into your application.
The default configuration to the CORS plugin handles only
HEAD HTTP methods and the following headers:
Here is an advanced example that demonstrates most of CORS-related API functions
method("HTTP_METHOD"): Includes this method to the white list of Http methods to use CORS.
header("header-name"): Includes this header to the white list of headers to use CORS.
exposeHeader("header-name"): Exposes this header in the response.
X-Http-Method-Overrideheader in the response
anyHost(): Allows any host to access the resources
host("hostname"): Allows only the specified host to use CORS, it can have the port number, a list of subDomains or the supported schemes.
Access-Control-Allow-Credentialsheader in the response
Content-Typerequest header to the white list for values other than simple content types.
Access-Control-Max-Ageheader in the response with the given max age