You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm wondering if it's worth dropping this validation down into passport itself so that it will never require authentication on a call with the OPTIONS method as request headers should not be included according to the standard: https://www.w3.org/TR/cors/#preflight-request
The text was updated successfully, but these errors were encountered:
This issue has arisen mostly out of incorrect implementation anyway but thought I would bring it to attention.
It's possible to inadvertently require authentication on a call to OPTIONS with:
It's worth pointing out that nowhere in the documentation is the method used in this way.
This can easily be worked around by wrapping the middleware as
I'm wondering if it's worth dropping this validation down into passport itself so that it will never require authentication on a call with the OPTIONS method as request headers should not be included according to the standard: https://www.w3.org/TR/cors/#preflight-request
The text was updated successfully, but these errors were encountered: