Allow cors with credentials (#1163)

"anyHost" is not allowed in combination with "Access-Control-Allow-Credentials" (https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#sect2). At least the default webUI always includes credentials which causes a cors policy violation
2025-12-10 06:42:07 +01:00 · 2024-11-23 02:00:25 +01:00
parent 38673bbff4
commit 3325a36cae
1 changed files with 2 additions and 1 deletions
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
@@ -91,7 +91,8 @@ object JavalinSetup {

                config.bundledPlugins.enableCors { cors ->
                    cors.addRule {
-                        it.anyHost()
+                        it.allowCredentials = true
+                        it.reflectClientOrigin = true
                    }
                }