From 3325a36caefc6423b02cb4fd35685a61556bd946 Mon Sep 17 00:00:00 2001
From: schroda <50052685+schroda@users.noreply.github.com>
Date: Sat, 23 Nov 2024 02:00:25 +0100
Subject: [PATCH] Allow cors with credentials (#1163)

"anyHost" is not allowed in combination with "Access-Control-Allow-Credentials" (https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#sect2).
At least the default webUI always includes credentials which causes a cors policy violation
---
 .../src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
index a900b0b8..8945cab5 100644
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
@@ -91,7 +91,8 @@ object JavalinSetup {
 
                 config.bundledPlugins.enableCors { cors ->
                     cors.addRule {
-                        it.anyHost()
+                        it.allowCredentials = true
+                        it.reflectClientOrigin = true
                     }
                 }