From 61dce6a4fc5ec1215c260d3eba3a28454f1eb4df Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Thu, 15 Dec 2016 11:00:44 +0100
Subject: [PATCH] Verifying CORS requests way earlier

Especially `OPTIONS` does not require anything else and we can bail out
safely. Also avoids spawning useless sessions.
---
 wcfsetup/install/files/lib/system/WCF.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 79704154d4..28d70129b5 100644
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -147,13 +147,13 @@ class WCF {
 		// start initialization
 		$this->initDB();
 		$this->loadOptions();
+		$this->initCors();
 		$this->initSession();
 		$this->initLanguage();
 		$this->initTPL();
 		$this->initCronjobs();
 		$this->initCoreObjects();
 		$this->initApplications();
-		$this->initCors();
 		$this->initBlacklist();
 		
 		EventHandler::getInstance()->fireAction($this, 'initialized');
-- 
2.20.1