go/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2025-07-05 00:48:52 +02:00
Code Issues Releases Activity

Fix: Ignore basic auth for OPTIONS requests to API when CORS is set

Browse Source 
Web browsers do not send authorization headers for  preflight requests.
This commit is contained in:
Ralph Slooten
2025-05-30 00:00:05 +12:00
parent 8c59229f97
commit c5b3edf87d
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/server.go
View File

@ -239,7 +239,9 @@ func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
w.Header().Set("Access-Control-Allow-Headers", "*")
}
if auth.UICredentials != nil {
// Check basic authentication headers if configured.
// OPTIONS requests are skipped if CORS is enabled, since browsers omit credentials for preflight.
if !(AccessControlAllowOrigin != "" && r.Method == http.MethodOptions) && auth.UICredentials != nil {
user, pass, ok := r.BasicAuth()
if !ok {