From 80e8a2ea39d74a8856224ef2c7179f34cdb2f92b Mon Sep 17 00:00:00 2001
From: Valentin Gosu <1454649+valenting@users.noreply.github.com>
Date: Fri, 9 Feb 2024 16:42:41 +0100
Subject: [PATCH] server : allow CORS request with authorization headers
 (#1850)

Whisper plugin in Obsidian requires an API key which is
then sent as an authorization header.
However, the presence of an authorization header requires
a CORS Preflight, so both the OPTIONS method and
the Access-Control-Allow-Headers: authorization must be
handled.
---
 examples/server/server.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/examples/server/server.cpp b/examples/server/server.cpp
index 69c04bf3..4cfc2946 100644
--- a/examples/server/server.cpp
+++ b/examples/server/server.cpp
@@ -541,7 +541,7 @@ int main(int argc, char ** argv) {
     Server svr;
     svr.set_default_headers({{"Server", "whisper.cpp"},
                              {"Access-Control-Allow-Origin", "*"},
-                             {"Access-Control-Allow-Headers", "content-type"}});
+                             {"Access-Control-Allow-Headers", "content-type, authorization"}});
 
     std::string const default_content = R"(
     <html>
@@ -623,6 +623,9 @@ int main(int argc, char ** argv) {
         return false;
     });
 
+    svr.Options(sparams.request_path + "/inference", [&](const Request &req, Response &res){
+    });
+
     svr.Post(sparams.request_path + "/inference", [&](const Request &req, Response &res){
         // acquire whisper model mutex lock
         std::lock_guard<std::mutex> lock(whisper_mutex);