fix(api): add explicit fetch CORS options and response header debug logging

Added mode, credentials, redirect, and cache options to the GET fetchOptions object. These were previously left to browser defaults, which vary by environment and can produce opaque CORS failures that are hard to diagnose. Being explicit avoids environment-dependent surprises. Also added a try/catch around response.headers logging (log_lvl >= 1) so header dumps don't throw in environments that restrict header access. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 14:05:31 -04:00
parent f950c22a59
commit 99541f0f9d
1 changed files with 15 additions and 1 deletions
--- a/src/lib/ae_api/api_get_object.ts
+++ b/src/lib/ae_api/api_get_object.ts
@@ -173,7 +173,13 @@ export const get_object = async function get_object({
    const fetchOptions: RequestInit = {
        method: 'GET',
        headers: headers_cleaned,
-        signal: controller.signal
+        signal: controller.signal,
+        // Be explicit about CORS behavior and redirect handling to avoid
+        // environment-dependent defaults that can cause opaque failures.
+        mode: 'cors',
+        credentials: 'omit',
+        redirect: 'follow',
+        cache: 'no-store'
    };

    if (log_lvl > 1) {
@@ -259,6 +265,14 @@ export const get_object = async function get_object({
                console.log(
                    `Response: status=${response.status} statusText=${response.statusText} url=${response.url} attempt=${attempt}`
                );
+                try {
+                    console.log(
+                        'Response headers:',
+                        Object.fromEntries(response.headers.entries())
+                    );
+                } catch (e) {
+                    /* ignore header read errors */
+                }
            }
            if (log_lvl > 1) {
                console.log('Response:', response);