diff options
| author | arenekosreal <17194552+arenekosreal@users.noreply.github.com> | 2024-09-22 16:33:54 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-22 10:33:54 +0200 |
| commit | df770dae0aa823e2dcba7c6d8682da60c679dfde (patch) | |
| tree | 018e5b1fa666737a38e8f298ba4c0f3f3602e91d /internal/httputil/httpapi.go | |
| parent | 07e59d0ba908f02ca81a3cd4f08d56a816614c78 (diff) | |
Make OPTIONS method on MSC3916 endpoints available without auth (#3431)
OPTIONS method is usually sent by browser in preflight requests, most of
the time we cannot control preflight request to add auth header.
Synapse will return a 204 response directly without authentication for
those OPTIONS method.
According to firefox's documentation, both 200 and 204 are acceptable so
I think there is no need to change handler in dendrite.
This closes https://github.com/matrix-org/dendrite/issues/3424
No need to add a test because this is just a fix and I have tested on my
Cinny Web client personally.
### Pull Request Checklist
<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->
* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off below using a legally
identifiable
name](https://matrix-org.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately
Signed-off-by: `arenekosreal
<17194552+arenekosreal@users.noreply.github.com>`
Signed-off-by: arenekosreal <17194552+arenekosreal@users.noreply.github.com>
Diffstat (limited to 'internal/httputil/httpapi.go')
| -rw-r--r-- | internal/httputil/httpapi.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/internal/httputil/httpapi.go b/internal/httputil/httpapi.go index 0559fbb7..034f19f1 100644 --- a/internal/httputil/httpapi.go +++ b/internal/httputil/httpapi.go @@ -210,6 +210,12 @@ func MakeExternalAPI(metricsName string, f func(*http.Request) util.JSONResponse // This is used to serve HTML alongside JSON error messages func MakeHTTPAPI(metricsName string, userAPI userapi.QueryAcccessTokenAPI, enableMetrics bool, f func(http.ResponseWriter, *http.Request), checks ...AuthAPIOption) http.Handler { withSpan := func(w http.ResponseWriter, req *http.Request) { + if req.Method == http.MethodOptions { + util.SetCORSHeaders(w) + w.WriteHeader(http.StatusOK) // Maybe http.StatusNoContent? + return + } + trace, ctx := internal.StartTask(req.Context(), metricsName) defer trace.EndTask() req = req.WithContext(ctx) |