Origin with path in the uri rejected

[Sorikairox]

So, long story short :

OPTIONS with the following origin works : http://127.0.0.1:8080 returning :

* Connection state changed (MAX_CONCURRENT_STREAMS updated)! < HTTP/2 200 < date: Tue, 05 Nov 2019 08:49:29 GMT < content-length: 0 < server: nginx/1.17.5 < access-control-allow-headers: content-type < access-control-allow-origin: * < access-control-allow-methods: POST, PUT, GET, OPTIONS, DELETE < access-control-max-age: 600

OPTIONS with the following origin doesn't : http://127.0.0.1:8080/mycoolpage

* Connection state changed (MAX_CONCURRENT_STREAMS updated)! < HTTP/2 204 < date: Tue, 05 Nov 2019 08:48:54 GMT < server: nginx/1.17.5 < allow: POST <

My Akka Http Cors is the following :

private val corsSettings: CorsSettings = CorsSettings(actorSystem)
     .withAllowedOrigins(HttpOriginMatcher.*)
     .withAllowCredentials(false)
     .withAllowedMethods(scala.collection.immutable.Seq(HttpMethods.POST, HttpMethods.PUT, HttpMethods.GET, HttpMethods.OPTIONS, HttpMethods.DELETE))
     .withExposedHeaders(scala.collection.immutable.Seq(
       "Content-Type",
       "X-Content-Type",
       "x-access-token",
       "x-refresh-token",
     ))

Akka doesn't seem to manage origin which are not hostnames ?

[lomigmegard]

Hi,

Could you also send the corresponding full requests (including headers) ?

Note that your Origin request header (see https://www.w3.org/TR/cors/#origin-request-header) must follow rfc6454 syntax, which does not include a path. It could be the case that akka-http just fails at parsing your request (you could look at the source to be sure).