providers/oauth2: allow protected_resource_view when method is OPTIONS
This commit is contained in:
parent
0e9e378bdf
commit
c6de4e47d7
|
@ -101,7 +101,9 @@ def protected_resource_view(scopes: list[str]):
|
|||
This decorator also injects the token into `kwargs`"""
|
||||
|
||||
def wrapper(view):
|
||||
def view_wrapper(request, *args, **kwargs):
|
||||
def view_wrapper(request: HttpRequest, *args, **kwargs):
|
||||
if request.method == "OPTIONS":
|
||||
return view(request, *args, **kwargs)
|
||||
try:
|
||||
access_token = extract_access_token(request)
|
||||
if not access_token:
|
||||
|
|
|
@ -19,6 +19,7 @@ from authentik.providers.oauth2.models import (
|
|||
ResponseTypes,
|
||||
ScopeMapping,
|
||||
)
|
||||
from authentik.providers.oauth2.utils import cors_allow_any
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
||||
|
@ -108,5 +109,5 @@ class ProviderInfoView(View):
|
|||
def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||
# Since this view only supports get, we can statically set the CORS headers
|
||||
response = super().dispatch(request, *args, **kwargs)
|
||||
response["Access-Control-Allow-Origin"] = "*"
|
||||
cors_allow_any(request, response)
|
||||
return response
|
||||
|
|
Reference in New Issue