Open louisabraham opened 6 months ago
I implemented authentication on my app with this code:
@middleware async def auth(request, handler): if request.headers.get("Authorization") == f"Bearer {TOKEN}": return await handler(request) return web.Response(status=401)
The problem is that OPTIONS requests don't contain authentication headers (https://stackoverflow.com/a/40723041/5133167), and the middleware doesn't return the CORS headers.
I could solve my issue by adding a condition:
@middleware async def auth(request, handler): # skip auth for OPTIONS requests if ( request.method == "OPTIONS" or request.headers.get("Authorization") == f"Bearer {TOKEN}" ): return await handler(request) return web.Response(status=401)
but I think it's ugly and that users shouldn't have to deal with this.
Is there a general way to enforce CORS on any middleware?
I implemented authentication on my app with this code:
The problem is that OPTIONS requests don't contain authentication headers (https://stackoverflow.com/a/40723041/5133167), and the middleware doesn't return the CORS headers.
I could solve my issue by adding a condition:
but I think it's ugly and that users shouldn't have to deal with this.
Is there a general way to enforce CORS on any middleware?