Explicitly add CORS wildcard on all OPTIONS requests

2021-07-28 12:47:15 -07:00 · 2021-07-28 12:47:15 -07:00 · 810b0cd5da
commit 810b0cd5da
parent 509c658080
1 changed files with 3 additions and 1 deletions
--- a/router/middleware/auth.go
+++ b/router/middleware/auth.go
@ -58,6 +58,8 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// We should accept 3rd party preflight OPTIONS requests.
 		if r.Method == "OPTIONS" {
+			// All OPTIONS requests should have a wildcard CORS header.
+			w.Header().Set("Access-Control-Allow-Origin", "*")
 			w.WriteHeader(http.StatusOK)
 			return
 		}
@ -77,7 +79,7 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
 			return
 		}

-		// All valid 3rd party requests should have a wildcard CORS header.
+		// All auth'ed 3rd party requests should have a wildcard CORS header.
 		w.Header().Set("Access-Control-Allow-Origin", "*")

 		handler(*integration, w, r)