ACL preflight continue

Hi there,

I’m trying to configure Kong so that auth is skipped for preflight OPTIONS requests (to enable CORS).
We are using both the JWT and ACL plugins for auth.

I have set run_on_preflight to false for the JWT, and that seems to skip the auth in JWT plugin.
But I am now getting an error from ACL plugin - {"message":"You cannot consume this service"}

Is there any way that the ACL check can be skipped for OPTIONS requests?

Thanks,
Mark

3 Likes