From 4dd39eb54aed03e2939b4fda6ab683756d878f04 Mon Sep 17 00:00:00 2001 From: Giteabot Date: Fri, 22 Dec 2023 20:55:43 +0800 Subject: [PATCH] Fix 405 method not allowed CORS / OIDC (#28583) (#28586) Backport #28583 by @morphelinho Follow #28184 Follow #28515 Fix problem with 405 method not allowed for CORS wrt OIDC Co-authored-by: morphelinho --- routers/web/web.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/routers/web/web.go b/routers/web/web.go index 943ede933..d67f9cf90 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -531,9 +531,11 @@ func registerRoutes(m *web.Route) { // TODO manage redirection m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth) }, ignSignInAndCsrf, reqSignIn) + m.Options("/login/oauth/userinfo", CorsHandler(), misc.DummyBadRequest) m.Get("/login/oauth/userinfo", ignSignInAndCsrf, auth.InfoOAuth) m.Options("/login/oauth/access_token", CorsHandler(), misc.DummyBadRequest) m.Post("/login/oauth/access_token", CorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth) + m.Options("/login/oauth/keys", CorsHandler(), misc.DummyBadRequest) m.Get("/login/oauth/keys", ignSignInAndCsrf, auth.OIDCKeys) m.Options("/login/oauth/introspect", CorsHandler(), misc.DummyBadRequest) m.Post("/login/oauth/introspect", CorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)