diff --git a/src/components/settings/Settings.svelte b/src/components/settings/Settings.svelte
index 0e29306..e32a602 100644
--- a/src/components/settings/Settings.svelte
+++ b/src/components/settings/Settings.svelte
@@ -3075,9 +3075,10 @@
 .perf-stat { font-family: var(--font-ui); font-size: var(--text-xs); color: var(--text-secondary); letter-spacing: var(--tracking-wide); flex-shrink: 0; }
 /* ── Security ────────────────────────────────────────────────────────────── */
+ .sec-banner { font-family: var(--font-ui); font-size: var(--text-xs); line-height: var(--leading-snug); border-radius: var(--radius-md); padding: var(--sp-3); letter-spacing: var(--tracking-wide); }
 .sec-banner-error { color: var(--color-error); background: var(--color-error-bg); border: 1px solid var(--color-error); }
- .sec-banner-warn { color: var(--color-error); background: var(--color-error-bg); border: 1px solid var(--color-error); }
- .sec-banner-warn code { font-family: monospace; font-size: 10px; background: color-mix(in srgb, var(--color-error) 12%, transparent); padding: 1px 4px; border-radius: 3px; }
+ .sec-banner-warn { color: var(--color-warn, var(--color-error)); background: var(--color-warn-bg, var(--color-error-bg)); border: 1px solid var(--color-warn, var(--color-error)); }
+ .sec-banner-warn code { font-family: monospace; font-size: 10px; background: color-mix(in srgb, var(--color-warn, var(--color-error)) 12%, transparent); padding: 1px 4px; border-radius: 3px; }
 .sec-pill-warn { border-color: var(--color-error); color: var(--color-error); background: var(--color-error-bg); }
 .section-title-row { display: flex; align-items: center; justify-content: space-between; padding: var(--sp-3) var(--sp-3) var(--sp-2); }
 .section-title-row .section-title { padding: 0; }
diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index e5008d1..1a1fbe5 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -29,7 +29,7 @@ export function fetchAuthenticated( return fetch(url, { ...init, signal, - credentials: "include", + credentials: "omit", headers: { ...(init.headers as Record ?? {}), ...(user && pass ? basicHeader(user, pass) : {}), @@ -37,15 +37,16 @@ export function fetchAuthenticated( }); } - return fetch(url, { ...init, signal }); + return fetch(url, { ...init, signal, credentials: "omit" }); } export async function loginBasic(user: string, pass: string): Promise { const res = await fetch(`${getServerBase()}/api/graphql`, { - method: "POST", - headers: { "Content-Type": "application/json", ...basicHeader(user, pass) }, - body: JSON.stringify({ query: "{ __typename }" }), - signal: AbortSignal.timeout(5000), + method: "POST", + credentials: "omit", + headers: { "Content-Type": "application/json", ...basicHeader(user, pass) }, + body: JSON.stringify({ query: "{ __typename }" }), + signal: AbortSignal.timeout(5000), }); if (!res.ok) throw new Error(`Authentication failed (${res.status})`); updateSettings({ serverAuthMode: "BASIC_AUTH", serverAuthUser: user, serverAuthPass: pass }); @@ -71,15 +72,13 @@ export async function probeServer(): Promise<"ok" | "auth_required" | "unsupport const res = await fetch(`${base}/api/graphql`, { method: "POST", - credentials: "include", + credentials: "omit", headers, body: JSON.stringify({ query: "{ __typename }" }), signal: AbortSignal.timeout(2000), }); - if (res.ok) { - return "ok"; - } + if (res.ok) return "ok"; if (res.status === 401) { const wwwAuth = res.headers.get("WWW-Authenticate") ?? "";
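Review bot: Nothing at the new `credentials: "omit"` line in `fetchAuthenticated` records why cookies are dropped or that the key must stay after `...init`; that position is what stops a caller's `init.credentials` from re-enabling ambient cookies. I would add a comment above it, e.g. `// Auth travels only in the explicit Authorization header; keep this after ...init so callers cannot override it.` The same literal is repeated in the fallback `fetch` of this function, in `loginBasic` and in `probeServer`, so a shared constant would keep the four call sites from drifting apart. The removed `credentials: "include"` suggests cookies were sent before; if any deployment sits behind a cookie-based proxy login, those requests will presumably now come back 401, which is worth confirming. The function body starts outside the hunk.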
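Review bot: `loginBasic` still hands the plaintext password to `updateSettings` as `serverAuthPass`, on the context line right after the changed `fetch`, and this hardening leaves that untouched. Where the settings are persisted is not visible in this hunk; if it is browser storage readable by page script, any script injection in the app could read the credential. A comment at that call would make the residual risk explicit, e.g. `// NOTE: serverAuthPass is persisted by updateSettings; confirm the store is not script-readable`. The function continues past the end of the hunk.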