Root cause: Both RequestLoggingMiddleware and ErrorLoggingMiddleware used BaseHTTPMiddleware and re-raised exceptions. When an exception (like a 401 from auth) was re-raised, the response never flowed back through CORSMiddleware, so browsers received error responses without CORS headers. This made 401 errors appear as CORS errors, breaking session resume and other operations after token expiry.

Fix: Both middlewares now catch exceptions and return JSONResponse objects (with correct status codes from HTTPException) instead of re-raising. This ensures responses always flow through CORSMiddleware and receive proper Access-Control-Allow-Origin headers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
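
The failure mode this commit message describes, as an added example that is not code from the commit or the project: a dependency-free ASGI-style model of the middleware stack. `AuthError`, `logging_mw`, `cors`, `outer_handler` and the origin value are hypothetical stand-ins, and the model assumes an error handler sitting outside the CORS layer turns an uncaught exception into a response.

```python
import asyncio
import json

ORIGIN = b"https://app.example"  # constructed allowed origin

class AuthError(Exception):  # hypothetical stand-in for a 401 HTTPException
    status_code = 401

async def send_json(send, status, payload):
    await send({"type": "http.response.start", "status": status,
                "headers": [(b"content-type", b"application/json")]})
    await send({"type": "http.response.body", "body": json.dumps(payload).encode()})

async def endpoint(scope, receive, send):
    raise AuthError("token expired")  # auth failure below the logging layer

def logging_mw(inner, reraise):
    async def mw(scope, receive, send):
        try:
            await inner(scope, receive, send)
        except AuthError as exc:
            if reraise:  # "before": log, then re-raise past the CORS layer
                raise
            await send_json(send, exc.status_code, {"detail": str(exc)})  # "after"
    return mw

def cors(inner):  # adds the header only to responses sent through it
    async def mw(scope, receive, send):
        async def send_cors(msg):
            if msg["type"] == "http.response.start":
                msg = {**msg, "headers": [*msg["headers"], (b"access-control-allow-origin", ORIGIN)]}
            await send(msg)
        await inner(scope, receive, send_cors)
    return mw

def outer_handler(inner):  # assumed: error handler sitting outside CORS
    async def mw(scope, receive, send):
        try:
            await inner(scope, receive, send)
        except Exception as exc:
            await send_json(send, getattr(exc, "status_code", 500), {"detail": "error"})
    return mw

def run(reraise):
    """Return (status, Access-Control-Allow-Origin value or None) seen by the client."""
    sent = []
    async def send(msg):
        sent.append(msg)
    asyncio.run(outer_handler(cors(logging_mw(endpoint, reraise)))({"type": "http"}, None, send))
    return sent[0]["status"], dict(sent[0]["headers"]).get(b"access-control-allow-origin")
```

A regression test for this class of bug should assert on the `Access-Control-Allow-Origin` header of error responses, not only on their status code.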