From 7d0a59ae3e8680a7a1ade794934abb8af14b6f01 Mon Sep 17 00:00:00 2001
From: Andrew Bolyachevets <Andriy.Bolyachevets@gov.bc.ca>
Date: Wed, 10 Apr 2024 08:37:12 -0700
Subject: [PATCH] handle cors preflight without auth (#111)

---
 notify-api/src/notify_api/resources/v2/safe_list.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/notify-api/src/notify_api/resources/v2/safe_list.py b/notify-api/src/notify_api/resources/v2/safe_list.py
index c89560fb..ba3ee1e8 100644
--- a/notify-api/src/notify_api/resources/v2/safe_list.py
+++ b/notify-api/src/notify_api/resources/v2/safe_list.py
@@ -25,7 +25,7 @@
 bp = Blueprint("SAFE_LIST", __name__, url_prefix="/safe_list")
 
 
-@bp.route("/", methods=["POST", "OPTIONS"])
+@bp.route("/", methods=["POST"])
 @jwt.requires_auth
 @jwt.has_one_of_roles([Role.SYSTEM.value, Role.STAFF.value])
 @validate()
@@ -40,7 +40,14 @@ def safe_list(body: SafeListRequest):  # pylint: disable=unused-argument
     return {}, HTTPStatus.OK
 
 
-@bp.route("/", methods=["GET", "OPTIONS"])
+@bp.route("/", methods=["OPTIONS"])
+@validate()
+def get_safe_list_preflight():
+    """Handle safe list cors preflight."""
+    return {}, HTTPStatus.OK
+
+
+@bp.route("/", methods=["GET"])
 @jwt.requires_auth
 @jwt.has_one_of_roles([Role.SYSTEM.value, Role.STAFF.value])
 @validate()