libeufin

Integration and sandbox testing for FinTech APIs and data formats
Log | Files | Refs | Submodules | README | LICENSE
commit 44deb37f196fc5e60de04f737b64793426a5ab46
parent 3632572878e0e35e01f5a7980175c4a4d2f6934c
Author: Antoine A <>
Date:   Wed,  8 Oct 2025 15:22:47 +0200

bank: handle CORS ourselves

Diffstat:

Mcommon/build.gradle | 1-


Mcommon/src/main/kotlin/api/server.kt | 19++++++++-----------


2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/common/build.gradle b/common/build.gradle
@@ -59,7 +59,6 @@ dependencies {
     
     implementation("io.ktor:ktor-server-core:$ktor_version")
     implementation("io.ktor:ktor-server-call-logging:$ktor_version")
-    implementation("io.ktor:ktor-server-cors:$ktor_version")
     implementation("io.ktor:ktor-server-content-negotiation:$ktor_version")
     implementation("io.ktor:ktor-server-status-pages:$ktor_version")
     implementation("io.ktor:ktor-server-cio:$ktor_version")
diff --git a/common/src/main/kotlin/api/server.kt b/common/src/main/kotlin/api/server.kt
@@ -27,7 +27,6 @@ import io.ktor.server.cio.*
 import io.ktor.server.plugins.*
 import io.ktor.server.plugins.calllogging.*
 import io.ktor.server.plugins.contentnegotiation.*
-import io.ktor.server.plugins.cors.routing.*
 import io.ktor.server.plugins.forwardedheaders.*
 import io.ktor.server.plugins.statuspages.*
 import io.ktor.server.plugins.callid.*
@@ -64,6 +63,14 @@ val ApplicationCall.rawBody: ByteArray get() = attributes.getOrNull(RAW_BODY) ?:
 fun talerPlugin(logger: Logger): ApplicationPlugin<Unit> {
     return createApplicationPlugin("TalerPlugin") {
         onCall { call ->
+            // Handle cors preflight
+            if (call.request.httpMethod == HttpMethod.Options) {
+                call.response.header(HttpHeaders.AccessControlAllowHeaders, "*")
+                call.response.header(HttpHeaders.AccessControlAllowMethods, "*")
+                call.respond(HttpStatusCode.NoContent)
+                return@onCall
+            }
+
             // Log incoming transaction
             val requestCall = buildString {
                 val path = call.request.path()
@@ -155,16 +162,6 @@ fun Application.talerApi(logger: Logger, routes: Routing.() -> Unit) {
         }
     }
     install(XForwardedHeaders)
-    install(CORS) {
-        anyHost()
-        allowHeader(HttpHeaders.Authorization)
-        allowHeader(HttpHeaders.ContentType)
-        allowHeader(TALER_CHALLENGE_IDS)
-        allowMethod(HttpMethod.Options)
-        allowMethod(HttpMethod.Patch)
-        allowMethod(HttpMethod.Delete)
-        allowCredentials = true
-    }
     install(talerPlugin(logger))
     install(IgnoreTrailingSlash)
     install(ContentNegotiation) {