From de4b3d6290644c6b80f1acd734540558bae7022f Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 5 Mar 2021 14:14:32 +0100 Subject: [PATCH] providers/oauth2: always set CORS headers on provider info view --- authentik/providers/oauth2/views/provider.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/authentik/providers/oauth2/views/provider.py b/authentik/providers/oauth2/views/provider.py index ab28e8db3..1bfc7cd93 100644 --- a/authentik/providers/oauth2/views/provider.py +++ b/authentik/providers/oauth2/views/provider.py @@ -103,9 +103,10 @@ class ProviderInfoView(View): provider: OAuth2Provider = get_object_or_404( OAuth2Provider, pk=application.provider_id ) - response = JsonResponse( - self.get_info(provider), json_dumps_params={"indent": 2} - ) - response["Access-Control-Allow-Origin"] = "*" + return JsonResponse(self.get_info(provider), json_dumps_params={"indent": 2}) + def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: + # Since this view only supports get, we can statically set the CORS headers + response = super().dispatch(request, *args, **kwargs) + response["Access-Control-Allow-Origin"] = "*" return response