From 20aa69b26d4863609f4cb78ebc12435d50bff8f4 Mon Sep 17 00:00:00 2001 From: Arzumify Date: Tue, 15 Oct 2024 19:45:55 +0100 Subject: [PATCH] Only disable CORS for the ones which need CORS disabled Signed-off-by: Arzumify --- services-src/auth/main.go | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/services-src/auth/main.go b/services-src/auth/main.go index ebad170..3c7ef08 100644 --- a/services-src/auth/main.go +++ b/services-src/auth/main.go @@ -347,19 +347,22 @@ func Main(information library.ServiceInitializationInformation) *chi.Mux { // Add the CORS middleware disableCors := func(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - next.ServeHTTP(w, r) w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Headers", "*") w.Header().Set("Access-Control-Allow-Methods", "*") + next.ServeHTTP(w, r) }) } router.Use(disableCors) - router.Options("/*", func(w http.ResponseWriter, r *http.Request) { + + disableCorsHandleFunc := func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Access-Control-Allow-Origin", "*") - w.Header().Set("Access-Control-Allow-Headers", "*") - w.Header().Set("Access-Control-Allow-Methods", "*") - }) + w.Header().Set("Access-Control-Allow-Methods", "POST") + w.Header().Set("Access-Control-Allow-Headers", "Content-Type") + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(200) + } // Set up the static routes staticDir, err := fs.Sub(information.ResourceDir, "static") @@ -940,6 +943,8 @@ func Main(information library.ServiceInitializationInformation) *chi.Mux { renderJSON(200, w, map[string]interface{}{"username": username, "sub": uuid.Must(uuid.FromBytes(userId)).String()}, information) }) + router.Options("/api/oauth/userinfo", disableCorsHandleFunc) + router.Post("/api/authorize", func(w http.ResponseWriter, r *http.Request) { type authorize struct { AppId string `json:"appId"` 
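Review bot: `router.Use(disableCors)` is still present as a context line in the first hunk, so the wildcard `Access-Control-Allow-Origin: *`, `Access-Control-Allow-Headers: *` and `Access-Control-Allow-Methods: *` are attached to every route; moving the three `Set` calls above `next.ServeHTTP(w, r)` means they are now written before the handler responds, where previously they were probably set too late to reach the client. That is the opposite of what the commit title describes: responses to non-credentialed cross-origin requests become readable on all endpoints of the auth service, not only the two OAuth ones. I would drop the global `router.Use(disableCors)` and attach the middleware per route, e.g. `router.With(disableCors).Post("/api/oauth/token", ...)`, so the POST responses on `/api/oauth/userinfo` and `/api/oauth/token` still carry the header while everything else keeps the same-origin default. `Main` begins and ends outside this hunk, so any other use of `disableCors` is not visible here.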
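Review bot: The preflight registered for `/api/oauth/userinfo` answers with `Access-Control-Allow-Methods: POST` and `Access-Control-Allow-Headers: Content-Type` only, which looks too narrow if clients send the access token in an `Authorization` header or call the endpoint with GET; the route's own registration is above this hunk, so this needs checking against it. A browser would then fail the preflight, and the `*` set by the middleware does not help, because the wildcard in `Access-Control-Allow-Headers` never covers `Authorization`. If that is the case, give this route its own handler with `w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")` and the method it really serves. A `204` without the `Content-Type: application/json` header would also describe the empty preflight response more accurately than `w.WriteHeader(200)`.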
@@ -1205,6 +1210,8 @@ func Main(information library.ServiceInitializationInformation) *chi.Mux {
 }
 })
 
+ router.Options("/api/oauth/token", disableCorsHandleFunc)
+
 router.Post("/api/oauth/remove", func(w http.ResponseWriter, r *http.Request) {
 type remove struct {
 Token string `json:"token"`