From 01c37cb0ba08835e173243db265c98d2219e1c25 Mon Sep 17 00:00:00 2001
From: schroda <50052685+schroda@users.noreply.github.com>
Date: Sat, 8 Feb 2025 17:53:32 +0100
Subject: [PATCH] Ignore authentication for preflight requests (#1261)

Cors preflight requests never include credentials (https://fetch.spec.whatwg.org/#cors-protocol-and-credentials), thus, they always failed due to being unauthorized
---
 .../main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
index 01690061..355ddbc4 100644
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
@@ -10,6 +10,7 @@ package suwayomi.tachidesk.server
 import io.github.oshai.kotlinlogging.KotlinLogging
 import io.javalin.Javalin
 import io.javalin.apibuilder.ApiBuilder.path
+import io.javalin.http.HandlerType
 import io.javalin.http.UnauthorizedResponse
 import io.javalin.http.staticfiles.Location
 import kotlinx.coroutines.CoroutineScope
@@ -111,6 +112,11 @@ object JavalinSetup {
             }
 
         app.beforeMatched { ctx ->
+            val isPreFlight = ctx.method() == HandlerType.OPTIONS
+            if (isPreFlight) {
+                return@beforeMatched
+            }
+
             fun credentialsValid(): Boolean {
                 val basicAuthCredentials = ctx.basicAuthCredentials() ?: return false
                 val (username, password) = basicAuthCredentials