From 19869d1c11462294c828bc126bf006103239e397 Mon Sep 17 00:00:00 2001 From: morphelinho Date: Fri, 22 Dec 2023 13:23:24 +0100 Subject: [PATCH] Fix 405 method not allowed CORS / OIDC (#28583) Follow #28184 Follow #28515 Fix problem with 405 method not allowed for CORS wrt OIDC --- routers/web/web.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/routers/web/web.go b/routers/web/web.go index db0588056..359b608c7 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -532,9 +532,11 @@ func registerRoutes(m *web.Route) { // TODO manage redirection m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth) }, ignSignInAndCsrf, reqSignIn) + m.Options("/login/oauth/userinfo", CorsHandler(), misc.DummyBadRequest) m.Get("/login/oauth/userinfo", ignSignInAndCsrf, auth.InfoOAuth) m.Options("/login/oauth/access_token", CorsHandler(), misc.DummyBadRequest) m.Post("/login/oauth/access_token", CorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth) + m.Options("/login/oauth/keys", CorsHandler(), misc.DummyBadRequest) m.Get("/login/oauth/keys", ignSignInAndCsrf, auth.OIDCKeys) m.Options("/login/oauth/introspect", CorsHandler(), misc.DummyBadRequest) m.Post("/login/oauth/introspect", CorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)