Bypass MVC for replying to CORS requests if Bitpay API

2025-12-18 06:24:24 +01:00 · 2019-02-02 15:19:22 +09:00
parent 66bb702aca
commit 098e07988c
3 changed files with 6 additions and 3 deletions
--- a/BTCPayServer/Controllers/AccessTokenController.cs
+++ b/BTCPayServer/Controllers/AccessTokenController.cs
@@ -14,8 +14,7 @@ using System.Threading.Tasks;
 namespace BTCPayServer.Controllers
 {
    [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
-    [BitpayAPIConstraint(true)]
-    [EnableCors(CorsPolicies.All)]
+    [BitpayAPIConstraint()]
    public class AccessTokenController : Controller
    {
        TokenRepository _TokenRepository;
--- a/BTCPayServer/Controllers/InvoiceController.API.cs
+++ b/BTCPayServer/Controllers/InvoiceController.API.cs
@@ -13,7 +13,6 @@ using NBitpayClient;
 namespace BTCPayServer.Controllers
 {
    [BitpayAPIConstraint]
-    [EnableCors(CorsPolicies.All)]
    [Authorize(Policies.CanCreateInvoice.Key, AuthenticationSchemes = Policies.BitpayAuthentication)]
    public class InvoiceControllerAPI : Controller
    {
--- a/BTCPayServer/Hosting/BTCpayMiddleware.cs
+++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs
@@ -38,6 +38,11 @@ namespace BTCPayServer.Hosting
            {
                var bitpayAuth = GetBitpayAuth(httpContext, out bool isBitpayAuth);
                var isBitpayAPI = IsBitpayAPI(httpContext, isBitpayAuth);
+                if (isBitpayAPI && httpContext.Request.Method == "OPTIONS")
+                {
+                    httpContext.Response.StatusCode = 200;
+                    return; // We bypass MVC completely
+                }
                httpContext.SetIsBitpayAPI(isBitpayAPI);
                if (isBitpayAPI)
                {