Files
coolcouch/docker-compose.yml
Julien Calixte 67787bdf31 fix(cors): enable credentials, enumerate origins for PouchDB sessions
PouchDB-style apps call fetch with credentials: 'include' to maintain
the CouchDB _session cookie. Without Access-Control-Allow-Credentials:
true in the preflight response, the browser silently blocks the
mutating request (Firefox HAR shows status 0, _securityState insecure).
Switching cors/credentials to true forces enumerating allowed origins
(wildcard + credentials is forbidden by the CORS spec). Listed are the
common Vite/Next/etc. local dev ports plus the vaquant.at frontend.
2026-06-01 21:55:13 +02:00

2.3 KiB