CORS: don't require authentication on OPTIONS

app.php

@@ -79,5 +79,5 @@ $errorMiddleware->setDefaultErrorHandler(
 	new \Grocy\Controllers\ExceptionController($app, $container)
 );
 
-$app->add(CorsMiddleware::class);
+$app->add(new CorsMiddleware($app->getResponseFactory()));
 $app->run();

middleware/CorsMiddleware.php

@@ -2,22 +2,37 @@
 
 namespace Grocy\Middleware;
 
+use Psr\Http\Message\ResponseFactoryInterface;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
 use Psr\Http\Message\ResponseInterface as Response;
 use Slim\Routing\RouteContext;
 
-class CorsMiddleware extends BaseMiddleware
+class CorsMiddleware
 {
+	/**
+	 * @var ResponseFactoryInterface
+	 */
+	private $responseFactory;
+
+	public function __construct(ResponseFactoryInterface $responseFactory)
+	{
+		$this->responseFactory = $responseFactory;
+	}
+
 	public function __invoke(Request $request, RequestHandler $handler): Response
 	{
+		if ($request->getMethod() == "OPTIONS")
+			$response = $this->responseFactory->createResponse(200);
+		else {
+			$response = $handler->handle($request);
+
+		}
 		//$routeContext = RouteContext::fromRequest($request);
 		//$routingResults = $routeContext->getRoutingResults();
 		//$methods = $routingResults->getAllowedMethods();
 		//$requestHeaders = $request->getHeaderLine('Access-Control-Request-Headers');
 
-		$response = $handler->handle($request);
-
 		$response = $response->withHeader('Access-Control-Allow-Origin', '*');
 		$response = $response->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
 		$response = $response->withHeader('Access-Control-Allow-Headers', '*');