From e8667d4347646f2a924732d1f025f817b692e6b3 Mon Sep 17 00:00:00 2001
From: Maciej Wawro <36930951+maciekwawro@users.noreply.github.com>
Date: Mon, 11 Mar 2019 11:27:43 +0100
Subject: [PATCH] [openid_connect] Fix CORS

---
 galicea_openid_connect/api.py              | 2 +-
 galicea_openid_connect/controllers/main.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/galicea_openid_connect/api.py b/galicea_openid_connect/api.py
index 36b7743..633d5d9 100644
--- a/galicea_openid_connect/api.py
+++ b/galicea_openid_connect/api.py
@@ -20,7 +20,7 @@ def resource(path, method, auth='user'):
     assert auth in ['user', 'client']
 
     def endpoint_decorator(func):
-        @http.route(path, auth='public', type='http', methods=[method], csrf=False)
+        @http.route(path, auth='public', type='http', methods=[method, 'OPTIONS'], csrf=False, cors='*')
         @wraps(func)
         def func_wrapper(self, req, **query):
             try:
diff --git a/galicea_openid_connect/controllers/main.py b/galicea_openid_connect/controllers/main.py
index ed21422..be21622 100644
--- a/galicea_openid_connect/controllers/main.py
+++ b/galicea_openid_connect/controllers/main.py
@@ -246,7 +246,7 @@ class Main(http.Controller):
 
         return self.__redirect(redirect_uri, response_params, response_mode)
 
-    @http.route('/oauth/token', auth='public', type='http', methods=['POST'], csrf=False)
+    @http.route('/oauth/token', auth='public', type='http', methods=['POST', 'OPTIONS'], csrf=False, cors='*')
     def token(self, req, **query):
         try:
             if 'grant_type' not in query: