3 years ago
Fix CORS for requests with credentials
For requests that set "
credentials
": "include
" we were incorrectly returning the Access-Control-Allow-Origin
header set to the wildcard *, breaking those requests.We just rolled out a fix for this by properly responding with the matching
Origin
request header instead!