From ae68a08f06df5194a3c0fa9a84bca2e8449f9e69 Mon Sep 17 00:00:00 2001
From: mhbdev <whw1483@gmail.com>
Date: Tue, 6 Jan 2026 21:14:52 +0330
Subject: [PATCH] Updated the OPTIONS handler to return a 204 with an empty
 payload while preserving the CORS headers, so preflight requests no longer
 get a 200/HTML body

---
 runners/client/ClientRunner.cpp | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/runners/client/ClientRunner.cpp b/runners/client/ClientRunner.cpp
index f39442e..8e8d393 100644
--- a/runners/client/ClientRunner.cpp
+++ b/runners/client/ClientRunner.cpp
@@ -370,9 +370,19 @@ void ClientRunner::receive_http_request(
     std::unique_ptr<ton::http::HttpRequest> request, std::shared_ptr<ton::http::HttpPayload> payload,
     td::Promise<std::pair<std::unique_ptr<ton::http::HttpResponse>, std::shared_ptr<ton::http::HttpPayload>>> promise) {
   if (request->method() == "OPTIONS") {
-    // TODO: return 204
-    std::string data = "<http><body>OK</body></http>";
-    http_send_static_answer(std::move(data), std::move(promise));
+    auto response =
+        ton::http::HttpResponse::create("HTTP/1.0", static_cast<ton::http::HttpStatusCode>(204), "no content", false,
+                                        false)
+            .move_as_ok();
+    response->add_header(ton::http::HttpHeader{"Access-Control-Allow-Origin", "*"});
+    response->add_header(ton::http::HttpHeader{"Access-Control-Allow-Methods", "GET, POST, OPTIONS"});
+    response->add_header(ton::http::HttpHeader{"Access-Control-Allow-Headers", "Content-Type, Authorization"});
+    response->add_header(ton::http::HttpHeader{"Content-Length", "0"});
+    response->complete_parse_header();
+
+    auto empty_payload = response->create_empty_payload().move_as_ok();
+    empty_payload->complete_parse();
+    promise.set_result(std::make_pair(std::move(response), std::move(empty_payload)));
     return;
   }
   if (request->url() == "/v1/models") {