Verifying CORS requests way earlier

Especially `OPTIONS` does not require anything else and we can bail out
safely. Also avoids spawning useless sessions.

diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 79704154d43b2864f01636cfc50f24cebf74f52b..28d70129b5628fb412d04741dc1238533bd7e944 100644 (file)
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -147,13 +147,13 @@ class WCF {
                // start initialization
                $this->initDB();
                $this->loadOptions();
+               $this->initCors();
                $this->initSession();
                $this->initLanguage();
                $this->initTPL();
                $this->initCronjobs();
                $this->initCoreObjects();
                $this->initApplications();
-               $this->initCors();
                $this->initBlacklist();
                
                EventHandler::getInstance()->fireAction($this, 'initialized');