From e32030627d1d1129493659d6cf9f863464cf5888 Mon Sep 17 00:00:00 2001
From: kompotkot <sumarokovsergei@yandex.ru>
Date: Tue, 13 Feb 2024 06:27:52 +0000
Subject: [PATCH] Fixed options status ok response

---
 server.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/server.go b/server.go
index 67c7873..fa50463 100644
--- a/server.go
+++ b/server.go
@@ -143,22 +143,25 @@ func (server *Server) corsMiddleware(next http.Handler) http.Handler {
 		if server.CORSWhitelist["*"] {
 			allowedOrigin = "*"
 		} else {
-			for o := range server.CORSWhitelist {
-				if r.Header.Get("Origin") == o {
-					allowedOrigin = o
-				}
+			origin := r.Header.Get("Origin")
+			if _, ok := server.CORSWhitelist[origin]; ok {
+				allowedOrigin = origin
 			}
 		}
+
 		if allowedOrigin != "" {
 			w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
-		}
-
-		if r.Method == "OPTIONS" {
 			w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
 			// Credentials are cookies, authorization headers, or TLS client certificates
 			w.Header().Set("Access-Control-Allow-Credentials", "true")
-			w.Header().Set("Access-Control-Allow-Headers", "Authorization")
+			w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
 		}
+
+		if r.Method == "OPTIONS" {
+			w.WriteHeader(http.StatusOK)
+			return
+		}
+
 		next.ServeHTTP(w, r)
 	})
 }