authorization: bypass authorization check when the request method is OPTIONS

If CORS is enabled then then OPTIONS should always return 204.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
Arksine 2021-05-13 19:33:42 -04:00
parent 4a61bf21de
commit 490e66fe07
1 changed files with 2 additions and 1 deletions

View File

@ -450,7 +450,8 @@ class Authorization:
return None
def check_authorized(self, request):
if request.path in self.permitted_paths:
if request.path in self.permitted_paths or \
request.method == "OPTIONS":
return None
# Check JSON Web Token