Ignore OPTIONS requests in Oauth server (#5337)

Co-authored-by: Somhairle MacLeòid <smacleod@cloudflare.com>
cloudflare · Mar 21, 2024 · 35660e2 · 35660e2
1 parent da90e6a
commit 35660e2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/.changeset/rude-mice-study.md b/.changeset/rude-mice-study.md
@@ -0,0 +1,9 @@
+---
+"wrangler": patch
+---
+
+fix: Ignore OPTIONS requests in Wrangler's oauth server
+
+In Chrome v123, the auth requests from the browser back to wrangler now first include a CORS OPTIONS preflight request before the expected GET request. Wrangler was able to successfully complete the login with the first (OPTIONS) request, and therefore upon the second (GET) request, errored because the token exchange had already occured and could not be repeated.
+
+Wrangler now stops processing the OPTIONS request before completing the token exchange and only proceeds on the expected GET request.
diff --git a/packages/wrangler/src/user/user.ts b/packages/wrangler/src/user/user.ts
@@ -953,6 +953,7 @@ export async function login(
 
 			assert(req.url, "This request doesn't have a URL"); // This should never happen
 			const { pathname, query } = url.parse(req.url, true);
+			if (req.method !== "GET") return res.end("OK");
 			switch (pathname) {
 				case "/oauth/callback": {
 					let hasAuthCode = false;