From 00d050ef5a2c30e66ec566aa5d427109908e3ce4 Mon Sep 17 00:00:00 2001
From: PeterCiuffetti
Date: Thu, 16 Sep 2021 14:47:59 -0400
Subject: [PATCH 1/2] Adding check for request method to avoid basic auth on preflight requests (Issue 99)
---
 aws-es-proxy.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/aws-es-proxy.go b/aws-es-proxy.go
index f1f588ef..007f2a69 100644
--- a/aws-es-proxy.go
+++ b/aws-es-proxy.go
@@ -240,13 +240,15 @@ func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 if p.auth {
- user, pass, ok := r.BasicAuth()
+ if r.Method != http.MethodOptions {
+ user, pass, ok := r.BasicAuth()
- if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(p.username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(p.password)) != 1 {
- w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=\"%s\"", p.realm))
- w.WriteHeader(401)
- _, _ = w.Write([]byte("Unauthorised.\n"))
- return
+ if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(p.username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(p.password)) != 1 {
+ w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=\"%s\"", p.realm))
+ w.WriteHeader(401)
+ _, _ = w.Write([]byte("Unauthorised.\n"))
+ return
+ }
 }
 }
From 370c3005bae02d4710ce3e5e8e4e7efd6ebf3bdd Mon Sep 17 00:00:00 2001
From: PeterCiuffetti
Date: Thu, 16 Sep 2021 14:56:16 -0400
Subject: [PATCH 2/2] Updating path to forked repo
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 5a620167..66976f5a 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/abutaha/aws-es-proxy
+module github.com/PeterCiuffetti/aws-es-proxy
 go 1.14
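Review bot: In the ServeHTTP hunk of aws-es-proxy.go, the new `r.Method != http.MethodOptions` guard exempts every OPTIONS request from Basic auth, not only CORS preflights, so a caller without credentials reaches whatever follows this block just by using that method. The rest of ServeHTTP is outside the hunk, but if OPTIONS requests are forwarded like any other, the proxy would presumably relay them upstream on behalf of an unauthenticated caller. At minimum narrow the exemption to requests shaped like a preflight, e.g. `preflight := r.Method == http.MethodOptions && r.Header.Get("Origin") != "" && r.Header.Get("Access-Control-Request-Method") != ""` followed by `if p.auth && !preflight {`, which also removes the extra nesting level. Because those headers are client-supplied, the stronger fix is to answer preflights at the proxy and return before anything is forwarded; a comment such as `// CORS preflights carry no credentials; skip Basic auth for them only` would record why the exemption exists.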