3diy
/
moonraker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

authorization: bypass authorization check when the request method is OPTIONS 

If CORS is enabled then then OPTIONS should always return 204.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
Arksine 2021-05-13 19:33:42 -04:00
parent 4a61bf21de
commit 490e66fe07
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
moonraker/components/authorization.py
View File

@ -450,7 +450,8 @@ class Authorization:
return None
def check_authorized(self, request):
if request.path in self.permitted_paths:
if request.path in self.permitted_paths or \
request.method == "OPTIONS":
return None
# Check JSON Web Token