From 4cb5dc8522d5800d4edb4f097c9e135cf3a0ba94 Mon Sep 17 00:00:00 2001
From: "Martti T." <desinformatsioon@gmail.com>
Date: Thu, 22 May 2025 14:11:27 +0300
Subject: [PATCH] =?UTF-8?q?Revert=20"CORS:=20reject=20requests=20with=2040?=
 =?UTF-8?q?1=20for=20non-preflight=20request=20with=20not=20mat=E2=80=A6"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit ee3e1297788e8fc3543489ebc0d4e940be7c6532.
---
 middleware/cors.go      | 2 +-
 middleware/cors_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/middleware/cors.go b/middleware/cors.go
index c2f995cd2..a1f445321 100644
--- a/middleware/cors.go
+++ b/middleware/cors.go
@@ -262,7 +262,7 @@ func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc {
 			// Origin not allowed
 			if allowOrigin == "" {
 				if !preflight {
-					return echo.ErrUnauthorized
+					return next(c)
 				}
 				return c.NoContent(http.StatusNoContent)
 			}
diff --git a/middleware/cors_test.go b/middleware/cors_test.go
index d77c194c5..5461e9362 100644
--- a/middleware/cors_test.go
+++ b/middleware/cors_test.go
@@ -525,7 +525,7 @@ func TestCorsHeaders(t *testing.T) {
 			allowedOrigin: "http://example.com",
 			method:        http.MethodGet,
 			expected:      false,
-			expectStatus:  http.StatusUnauthorized,
+			expectStatus:  http.StatusOK,
 		},
 		{
 			name:          "non-preflight request, allow specific origin, matching origin header = CORS logic done",