OAuth2: OPTIONS pre-flights - don't check auth

Avoid checking client authentication during pre-flight requests, since the browser won't be sending it.
2026-04-27 03:00:12 -04:00 · 2015-04-06 16:32:38 -07:00
parent b6fc5e3773
commit 92cc540e16
1 changed files with 2 additions and 1 deletions
--- a/r2/r2/controllers/oauth2.py
+++ b/r2/r2/controllers/oauth2.py
@@ -195,7 +195,8 @@ class OAuth2AccessController(MinimalController):
        set_extension(request.environ, "json")
        MinimalController.pre(self)
        require_https()
-        c.oauth2_client = self._get_client_auth()
+        if request.method != "OPTIONS":
+            c.oauth2_client = self._get_client_auth()

    def _get_client_auth(self):
        auth = request.headers.get("Authorization")