From 810b0cd5da0655fea53f3c39d817f2ed0078b883 Mon Sep 17 00:00:00 2001
From: Gabe Kangas <gabek@real-ity.com>
Date: Wed, 28 Jul 2021 12:47:15 -0700
Subject: [PATCH] Explicitly add CORS wildcard on all OPTIONS requests

---
 router/middleware/auth.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/router/middleware/auth.go b/router/middleware/auth.go
index 6dcef6b8e..04ecbf7c9 100644
--- a/router/middleware/auth.go
+++ b/router/middleware/auth.go
@@ -58,6 +58,8 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// We should accept 3rd party preflight OPTIONS requests.
 		if r.Method == "OPTIONS" {
+			// All OPTIONS requests should have a wildcard CORS header.
+			w.Header().Set("Access-Control-Allow-Origin", "*")
 			w.WriteHeader(http.StatusOK)
 			return
 		}
@@ -77,7 +79,7 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
 			return
 		}
 
-		// All valid 3rd party requests should have a wildcard CORS header.
+		// All auth'ed 3rd party requests should have a wildcard CORS header.
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 
 		handler(*integration, w, r)