From 4a161fea12337077793bfeb200272aad841a3f55 Mon Sep 17 00:00:00 2001
From: Carl Hultquist <hultquis@deshaw.com>
Date: Fri, 8 Apr 2016 11:18:50 -0400
Subject: [PATCH] Fix handling of preflight requests

Pre-flighted OPTIONS requests do not include authentication information,
which means that we should not expect these to be authenticated.
Authentication will be validated when the real PUT/POST etc request is
issued after the preflight.
---
 notebook/base/handlers.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/notebook/base/handlers.py b/notebook/base/handlers.py
index 39c7056279..686dcb93b6 100644
--- a/notebook/base/handlers.py
+++ b/notebook/base/handlers.py
@@ -387,7 +387,6 @@ def finish(self, *args, **kwargs):
         self.set_header('Content-Type', 'application/json')
         return super(APIHandler, self).finish(*args, **kwargs)
 
-    @web.authenticated
     def options(self, *args, **kwargs):
         self.set_header('Access-Control-Allow-Headers', 'accept, content-type')
         self.set_header('Access-Control-Allow-Methods',