Skip to content

fix(auth): bypass authentication for CORS preflight requests#358

Merged
hyperblast merged 1 commit intohyperblast:masterfrom
fGeorjje:master
Mar 25, 2026
Merged

fix(auth): bypass authentication for CORS preflight requests#358
hyperblast merged 1 commit intohyperblast:masterfrom
fGeorjje:master

Conversation

@fGeorjje
Copy link
Copy Markdown
Contributor

@fGeorjje fGeorjje commented Mar 23, 2026

  • Allow OPTIONS requests to skip authentication, as browsers are forbidden from sending credentials during a preflight handshake.
  • Move ResponseHeadersFilter before BasicAuthFilter to ensure CORS headers are attached to the response even if authentication fails.

This ensures that browser-based clients can successfully authenticate with the server without being blocked by CORS preflight failures.

Fixes #357

@fGeorjje
fix(auth): bypass authentication for CORS preflight requests
33f7c8f 
- Allow OPTIONS requests to skip authentication, as browsers are
  forbidden from sending credentials during a preflight handshake.
- Move ResponseHeadersFilter before BasicAuthFilter to ensure
  CORS headers are attached to the response even if authentication
  fails.

This ensures that browser-based clients can successfully
authenticate with the server without being blocked by CORS
preflight failures.

Fixes hyperblast#357
@hyperblast
Copy link
Copy Markdown
Owner

hyperblast commented Mar 25, 2026

Thank you, merged.

@hyperblast hyperblast merged commit dbb6883 into hyperblast:master Mar 25, 2026
16 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] CORS preflight (OPTIONS) requests fail when authentication is enabled

2 participants

@fGeorjje @hyperblast