odysseus

Salastil/odysseus

Fork 0

mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 09:45:24 -04:00

Commit Graph

Author	SHA1	Message	Date
Marius	04d6a5ccaa	Fix: CORS preflight 401'd by AuthMiddleware before CORSMiddleware (#3262 ) AuthMiddleware is the outermost middleware, so a credential-less CORS preflight (OPTIONS + Access-Control-Request-Method) was rejected with 401 before CORSMiddleware could answer it. That blocks every cross-origin browser/WebView client: the preflight fails, so the real request is never sent. Let a genuine preflight through at the top of AuthMiddleware.dispatch via a pure, unit-tested predicate (core.middleware.is_cors_preflight). Precise -- only OPTIONS carrying Access-Control-Request-Method; a credentialed request is never matched -- and no data access. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-07 15:23:23 +02:00

Author

SHA1

Message

Date

Marius

04d6a5ccaa

Fix: CORS preflight 401'd by AuthMiddleware before CORSMiddleware (#3262 )

AuthMiddleware is the outermost middleware, so a credential-less CORS preflight
(OPTIONS + Access-Control-Request-Method) was rejected with 401 before
CORSMiddleware could answer it. That blocks every cross-origin browser/WebView
client: the preflight fails, so the real request is never sent.

Let a genuine preflight through at the top of AuthMiddleware.dispatch via a pure,
unit-tested predicate (core.middleware.is_cors_preflight). Precise -- only
OPTIONS carrying Access-Control-Request-Method; a credentialed request is never
matched -- and no data access.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-07 15:23:23 +02:00

1 Commits