From d330a8ef72c07305631a780e6a555cc6bce1ac62 Mon Sep 17 00:00:00 2001
From: pabloFuente <pablofuenteperez@gmail.com>
Date: Mon, 3 Nov 2025 13:47:19 +0100
Subject: [PATCH] openvidu-server: updated SecurityConfig precedence and
 OPTIONS method

---
 .../main/java/io/openvidu/server/config/SecurityConfig.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java b/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
index 251821c4d..ae575803c 100644
--- a/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/config/SecurityConfig.java
@@ -74,8 +74,8 @@ public class SecurityConfig {
 	 */
 	protected void configureAuthorization(HttpSecurity http) throws Exception {
 		http.authorizeHttpRequests(auth -> {
-			configurePublicEndpoints(auth);
 			configureProtectedEndpoints(auth);
+			configurePublicEndpoints(auth);
 			configureWebSocketEndpoints(auth);
 		});
 	}
@@ -94,6 +94,9 @@ public class SecurityConfig {
 		} else {
 			auth.requestMatchers(HttpMethod.GET, RequestMappings.RECORDINGS + "/**").hasRole("ADMIN");
 		}
+
+		// Allow CORS preflight requests
+		auth.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll();
 	}
 
 	/**