Fix authenticated media flows and upload preflight handling

2026-02-21 15:53:02 -03:00
parent 1cb6bfee58
commit c3f34b38b4
12 changed files with 619 additions and 35 deletions
--- a/doc/api-contract.md
+++ b/doc/api-contract.md
@@ -89,7 +89,8 @@ Primary implementation modules:
  - `ask`: returns `conflicts` if duplicate checksum is detected
  - `replace`: creates new document linked to replaced document id
  - `duplicate`: creates additional document record
-  - request rejected with `411` when `Content-Length` is missing
+  - upload `POST` request rejected with `411` when `Content-Length` is missing
+  - `OPTIONS /documents/upload` CORS preflight bypasses upload `Content-Length` enforcement
  - request rejected with `413` when file count, per-file size, or total request size exceeds configured limits

 ## Search