allow OPTIONS method in starlette CORS middleware

If not allowed, then the middleware will return a 400 on pre-flight
CORS requests.

Fixes #3129.

diff --git a/nominatim/server/starlette/server.py b/nominatim/server/starlette/server.py
index 2bcc8df51c37b0bb8ad00316551903fc6ad728ed..f89e52a151dac89cf205ce25964f4483cbd5e272 100644 (file)
--- a/nominatim/server/starlette/server.py
+++ b/nominatim/server/starlette/server.py
@@ -114,7 +114,10 @@ def get_application(project_dir: Path,
 
     middleware = []
     if config.get_bool('CORS_NOACCESSCONTROL'):
 
     middleware = []
     if config.get_bool('CORS_NOACCESSCONTROL'):

-        middleware.append(Middleware(CORSMiddleware, allow_origins=['*']))
+        middleware.append(Middleware(CORSMiddleware,
+                                     allow_origins=['*'],
+                                     allow_methods=['GET', 'OPTIONS'],
+                                     max_age=86400))

 
     log_file = config.LOG_FILE
     if log_file:
 
     log_file = config.LOG_FILE
     if log_file: