From d15f6051293251d60d598a25c89e8fc5b6f75d4b Mon Sep 17 00:00:00 2001
From: Sarah Hoffmann <lonvia@denofr.de>
Date: Tue, 1 Aug 2023 11:12:36 +0200
Subject: [PATCH] allow OPTIONS method in starlette CORS middleware

If not allowed, then the middleware will return a 400 on pre-flight
CORS requests.

Fixes #3129.
---
 nominatim/server/starlette/server.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nominatim/server/starlette/server.py b/nominatim/server/starlette/server.py
index 2bcc8df5..f89e52a1 100644
--- a/nominatim/server/starlette/server.py
+++ b/nominatim/server/starlette/server.py
@@ -114,7 +114,10 @@ def get_application(project_dir: Path,
 
     middleware = []
     if config.get_bool('CORS_NOACCESSCONTROL'):
-        middleware.append(Middleware(CORSMiddleware, allow_origins=['*']))
+        middleware.append(Middleware(CORSMiddleware,
+                                     allow_origins=['*'],
+                                     allow_methods=['GET', 'OPTIONS'],
+                                     max_age=86400))
 
     log_file = config.LOG_FILE
     if log_file:
-- 
2.45.1