From 99541f0f9d9a88ced8507260d043fced800a8a71 Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Thu, 26 Mar 2026 14:05:31 -0400 Subject: [PATCH] fix(api): add explicit fetch CORS options and response header debug logging Added mode, credentials, redirect, and cache options to the GET fetchOptions object. These were previously left to browser defaults, which vary by environment and can produce opaque CORS failures that are hard to diagnose. Being explicit avoids environment-dependent surprises. Also added a try/catch around response.headers logging (log_lvl >= 1) so header dumps don't throw in environments that restrict header access. Co-Authored-By: Claude Sonnet 4.6 --- src/lib/ae_api/api_get_object.ts | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/lib/ae_api/api_get_object.ts b/src/lib/ae_api/api_get_object.ts index ea5462c5..0dc78e71 100644 --- a/src/lib/ae_api/api_get_object.ts +++ b/src/lib/ae_api/api_get_object.ts @@ -173,7 +173,13 @@ export const get_object = async function get_object({ const fetchOptions: RequestInit = { method: 'GET', headers: headers_cleaned, - signal: controller.signal + signal: controller.signal, + // Be explicit about CORS behavior and redirect handling to avoid + // environment-dependent defaults that can cause opaque failures. + mode: 'cors', + credentials: 'omit', + redirect: 'follow', + cache: 'no-store' }; if (log_lvl > 1) { @@ -259,6 +265,14 @@ export const get_object = async function get_object({ console.log( `Response: status=${response.status} statusText=${response.statusText} url=${response.url} attempt=${attempt}` ); + try { + console.log( + 'Response headers:', + Object.fromEntries(response.headers.entries()) + ); + } catch (e) { + /* ignore header read errors */ + } } if (log_lvl > 1) { console.log('Response:', response);