fix: remove Method::Options auth check (#168)

* fix: remove Method::Options auth check

* add tests

---------

Co-authored-by: sigoden <sigoden@gmail.com>

diff --git a/src/auth.rs b/src/auth.rs
index 5752fe9dc23f83f38033e7f8d62bd172e2d7b0a8..e19bc16063658f9ee196e4ef39cdb2c7ec6e8b9e 100644 (file)
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -82,6 +82,11 @@ impl AccessControl {
         if self.rules.is_empty() {
             return GuardType::ReadWrite;
         }
+
+        if method == Method::OPTIONS {
+            return GuardType::ReadOnly;
+        }
+
         let mut controls = vec![];
         for path in walk_path(path) {
             if let Some(control) = self.rules.get(path) {

diff --git a/tests/auth.rs b/tests/auth.rs
index 5aa2eef6db7c509257cb7792fe1042d86e18b764..83b6434474d4394ca9024e7dcb6493167c2e03b9 100644 (file)
--- a/tests/auth.rs
+++ b/tests/auth.rs
@@ -35,6 +35,16 @@ fn auth_skip(#[with(&["--auth", "/@user:pass@*"])] server: TestServer) -> Result
     Ok(())
 }
 
+#[rstest]
+fn auth_skip_on_options_method(
+    #[with(&["--auth", "/@user:pass"])] server: TestServer,
+) -> Result<(), Error> {
+    let url = format!("{}index.html", server.url());
+    let resp = fetch!(b"OPTIONS", &url).send()?;
+    assert_eq!(resp.status(), 200);
+    Ok(())
+}
+
 #[rstest]
 fn auth_readonly(
     #[with(&["--auth", "/@user:pass@user2:pass2", "-A"])] server: TestServer,