fix(settings): send JSON Content-Type on configuration PUTsHEAD main

fetch() defaults a string body to text/plain, which SvelteKit's csrf_check_origin treats as a form submission. Behind portless's HTTPS-to-HTTP dev proxy the Origin scheme mismatches url.origin and the requests 403'd. Declaring application/json is correct for the body and bypasses the form-content-type check.
author: Fuwn <[email protected]> 2026-05-21 13:44:59 +0000
committer: Fuwn <[email protected]> 2026-05-21 13:44:59 +0000
commit: d9244d6f3cef8d6d7cba9b00fce2b25621742616 (patch)
tree: 1a8e5d6e18e05e2159e5dc2fa76d1f3ba28f7ddb /src/lib/CommandPalette/syncActions.ts
parent: feat(debug): add dry-run mutations mode (diff)
download: due.moe-d9244d6f3cef8d6d7cba9b00fce2b25621742616.tar.xz
due.moe-d9244d6f3cef8d6d7cba9b00fce2b25621742616.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/CommandPalette/syncActions.ts b/src/lib/CommandPalette/syncActions.ts
index 49859221..90c6a931 100644
--- a/src/lib/CommandPalette/syncActions.ts
+++ b/src/lib/CommandPalette/syncActions.ts
@@ -24,6 +24,7 @@ export const syncActions = (
 
 				fetch(root(`/api/configuration`), {
 					method: "PUT",
+					headers: { "Content-Type": "application/json" },
 					body: JSON.stringify(get(settings)),
 				})
 					.then((response) => {
author	Fuwn <[email protected]>	2026-05-21 13:44:59 +0000
committer	Fuwn <[email protected]>	2026-05-21 13:44:59 +0000
commit	d9244d6f3cef8d6d7cba9b00fce2b25621742616 (patch)
tree	1a8e5d6e18e05e2159e5dc2fa76d1f3ba28f7ddb /src/lib/CommandPalette/syncActions.ts
parent	feat(debug): add dry-run mutations mode (diff)
download	due.moe-d9244d6f3cef8d6d7cba9b00fce2b25621742616.tar.xz due.moe-d9244d6f3cef8d6d7cba9b00fce2b25621742616.zip