From c8a2144a4bcc11d3bc0b90510117a2bb3ea5654f Mon Sep 17 00:00:00 2001
From: Anderson de Paiva <andersondepaiva92@gmail.com>
Date: Mon, 23 Sep 2019 16:33:37 +0100
Subject: [PATCH] Resolved BugFix #993 (#996)

---
 .../Authorisation/Middleware/AuthorisationMiddleware.cs  | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs b/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs
index cc5cfda8..ca2f118f 100644
--- a/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs
+++ b/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs
@@ -25,7 +25,7 @@
 
         public async Task Invoke(DownstreamContext context)
         {
-            if (IsAuthenticatedRoute(context.DownstreamReRoute))
+            if (!IsOptionsHttpMethod(context) && IsAuthenticatedRoute(context.DownstreamReRoute))
             {
                 Logger.LogInformation("route is authenticated scopes must be checked");
 
@@ -52,7 +52,7 @@
                 }
             }
 
-            if (IsAuthorisedRoute(context.DownstreamReRoute))
+            if (!IsOptionsHttpMethod(context) && IsAuthorisedRoute(context.DownstreamReRoute))
             {
                 Logger.LogInformation("route is authorised");
 
@@ -98,6 +98,11 @@
         private static bool IsAuthorisedRoute(DownstreamReRoute reRoute)
         {
             return reRoute.IsAuthorised;
+        }
+
+        private static bool IsOptionsHttpMethod(DownstreamContext context)
+        {
+            return context.HttpContext.Request.Method.ToUpper() == "OPTIONS";
         }
     }
 }