diff options
| author | Fuwn <[email protected]> | 2026-05-21 13:44:59 +0000 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-05-21 13:44:59 +0000 |
| commit | d9244d6f3cef8d6d7cba9b00fce2b25621742616 (patch) | |
| tree | 1a8e5d6e18e05e2159e5dc2fa76d1f3ba28f7ddb /src/stores | |
| parent | feat(debug): add dry-run mutations mode (diff) | |
| download | due.moe-d9244d6f3cef8d6d7cba9b00fce2b25621742616.tar.xz due.moe-d9244d6f3cef8d6d7cba9b00fce2b25621742616.zip | |
fix(settings): send JSON Content-Type on configuration PUTs
fetch() defaults a string body to text/plain, which SvelteKit's
csrf_check_origin treats as a form submission. Behind portless's
HTTPS-to-HTTP dev proxy the Origin scheme mismatches url.origin
and the requests 403'd. Declaring application/json is correct for
the body and bypasses the form-content-type check.
Diffstat (limited to 'src/stores')
| -rw-r--r-- | src/stores/settings.ts | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/stores/settings.ts b/src/stores/settings.ts index 1d808a82..50dd4013 100644 --- a/src/stores/settings.ts +++ b/src/stores/settings.ts @@ -222,6 +222,7 @@ settings.subscribe((value) => { if (data?.configuration && !isEqualsJson(data.configuration, value)) fetch(root(`/api/configuration`), { method: "PUT", + headers: { "Content-Type": "application/json" }, body: JSON.stringify(value), }) .then((response) => { |