trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/oauth2: allow protected_resource_view when method is OPTIONS

This commit is contained in:
Jens Langhammer 2021-03-05 16:57:37 +01:00
parent 0e9e378bdf
commit c6de4e47d7
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
authentik/providers/oauth2/utils.py
View File

@ -101,7 +101,9 @@ def protected_resource_view(scopes: list[str]):
This decorator also injects the token into `kwargs`""" This decorator also injects the token into `kwargs`"""
def wrapper(view): def wrapper(view):
def view_wrapper(request, *args, **kwargs): def view_wrapper(request: HttpRequest, *args, **kwargs):
if request.method == "OPTIONS":
return view(request, *args, **kwargs)
try: try:
access_token = extract_access_token(request) access_token = extract_access_token(request)
if not access_token: if not access_token:

3
authentik/providers/oauth2/views/provider.py
View File

@ -19,6 +19,7 @@ from authentik.providers.oauth2.models import (
ResponseTypes, ResponseTypes,
ScopeMapping, ScopeMapping,
) )
from authentik.providers.oauth2.utils import cors_allow_any
LOGGER = get_logger() LOGGER = get_logger()
@ -108,5 +109,5 @@ class ProviderInfoView(View):
def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
# Since this view only supports get, we can statically set the CORS headers # Since this view only supports get, we can statically set the CORS headers
response = super().dispatch(request, *args, **kwargs) response = super().dispatch(request, *args, **kwargs)
response["Access-Control-Allow-Origin"] = "*" cors_allow_any(request, response)
return response return response