Allow credentialed cross-origin API requests

2026-04-14 18:17:29 +08:00 · 2026-03-17 18:16:52 +08:00
parent 4edfe8e2f0
commit ceb34d6c7e
2 changed files with 4 additions and 0 deletions
--- a/pkg/api/server_test.go
+++ b/pkg/api/server_test.go
@@ -193,6 +193,9 @@ func TestWithCORSEchoesPreflightHeaders(t *testing.T) {
 	if got := rec.Header().Get("Access-Control-Allow-Origin"); got != "https://dash.clawgo.dev" {
 		t.Fatalf("unexpected allow origin: %q", got)
 	}
+	if got := rec.Header().Get("Access-Control-Allow-Credentials"); got != "true" {
+		t.Fatalf("unexpected allow credentials: %q", got)
+	}
 	if got := rec.Header().Get("Access-Control-Allow-Methods"); got != "POST" {
 		t.Fatalf("unexpected allow methods: %q", got)
 	}