From ed96c38467bf8ae194ce4a78402dd8022f7c2d86 Mon Sep 17 00:00:00 2001
From: Heryan Djaruma <heryandjaruma@gmail.com>
Date: Sat, 17 May 2025 12:04:59 +0700
Subject: [PATCH] add bypass auth

---
 functions/src/server.ts | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/functions/src/server.ts b/functions/src/server.ts
index 9062556..7ef7f40 100644
--- a/functions/src/server.ts
+++ b/functions/src/server.ts
@@ -15,19 +15,28 @@ const corsOptions: CorsOptions = {
     "http://localhost:5173",
     "https://garudahacks.com",
     "https://www.garudahacks.com",
-    "https://portal-ochre-iota.vercel.app"
+    "https://portal-ochre-iota.vercel.app",
     "https://portal.garudahacks.com",
   ],
   credentials: true,
   allowedHeaders: ["Content-Type", "Authorization", "X-XSRF-TOKEN"],
+  methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
 };
 
 // Middleware
-app.options("*", cors(corsOptions)); // preflight
 app.use(cors(corsOptions));
 app.use(cookieParser());
 app.use(express.json());
 
+// Bypass auth and CSRF for OPTIONS requests
+app.use((req: Request, res: Response, next: NextFunction) => {
+  if (req.method === "OPTIONS") {
+    res.status(204).send(""); // Ensure preflight requests return 204
+    return;
+  }
+  next();
+});
+
 // Auth validation
 app.use(validateSessionCookie);