Bypass authorization token for preflight requests

Browsers should not send credentials in preflight requests irrespective of this setting. Source: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#sending_a_request_with_credentials_included
vllm-project · May 16, 2024 · 875ea02 · 875ea02
1 parent 973617a
commit 875ea02
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/vllm/entrypoints/openai/api_server.py b/vllm/entrypoints/openai/api_server.py
@@ -154,6 +154,8 @@ async def create_embedding(request: EmbeddingRequest, raw_request: Request):
         @app.middleware("http")
         async def authentication(request: Request, call_next):
             root_path = "" if args.root_path is None else args.root_path
+            if request.method == "OPTIONS":
+                return await call_next(request)
             if not request.url.path.startswith(f"{root_path}/v1"):
                 return await call_next(request)
             if request.headers.get("Authorization") != "Bearer " + token: