providers/oauth2: always set CORS headers on provider info view

2021-03-05 14:14:32 +01:00 · 2021-03-05 14:14:32 +01:00 · de4b3d6290
parent 56f75aecc7
commit de4b3d6290
1 changed files with 5 additions and 4 deletions
--- a/authentik/providers/oauth2/views/provider.py
+++ b/authentik/providers/oauth2/views/provider.py
@ -103,9 +103,10 @@ class ProviderInfoView(View):
        provider: OAuth2Provider = get_object_or_404(
            OAuth2Provider, pk=application.provider_id
        )
-        response = JsonResponse(
-            self.get_info(provider), json_dumps_params={"indent": 2}
-        )
-        response["Access-Control-Allow-Origin"] = "*"
+        return JsonResponse(self.get_info(provider), json_dumps_params={"indent": 2})

+    def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
+        # Since this view only supports get, we can statically set the CORS headers
+        response = super().dispatch(request, *args, **kwargs)
+        response["Access-Control-Allow-Origin"] = "*"
        return response