From 490e66fe075706265f7264481ef6296bc2d32da7 Mon Sep 17 00:00:00 2001
From: Arksine <arksine.code@gmail.com>
Date: Thu, 13 May 2021 19:33:42 -0400
Subject: [PATCH] authorization: bypass authorization check when the request
 method is OPTIONS

If CORS is enabled then then OPTIONS should always return 204.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
---
 moonraker/components/authorization.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index f08acff..bc7a36d 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -450,7 +450,8 @@ class Authorization:
             return None
 
     def check_authorized(self, request):
-        if request.path in self.permitted_paths:
+        if request.path in self.permitted_paths or \
+                request.method == "OPTIONS":
             return None
 
         # Check JSON Web Token