Fix: Settings LocalHost Auth (#25)

src/components/settings/Settings.svelte

@@ -3075,9 +3075,10 @@
   .perf-stat { font-family: var(--font-ui); font-size: var(--text-xs); color: var(--text-secondary); letter-spacing: var(--tracking-wide); flex-shrink: 0; }
 
   /* ── Security ────────────────────────────────────────────────────────────── */
+  .sec-banner        { font-family: var(--font-ui); font-size: var(--text-xs); line-height: var(--leading-snug); border-radius: var(--radius-md); padding: var(--sp-3); letter-spacing: var(--tracking-wide); }
   .sec-banner-error  { color: var(--color-error); background: var(--color-error-bg); border: 1px solid var(--color-error); }
-  .sec-banner-warn   { color: var(--color-error); background: var(--color-error-bg); border: 1px solid var(--color-error); }
+  .sec-banner-warn   { color: var(--color-warn, var(--color-error)); background: var(--color-warn-bg, var(--color-error-bg)); border: 1px solid var(--color-warn, var(--color-error)); }
-  .sec-banner-warn code { font-family: monospace; font-size: 10px; background: color-mix(in srgb, var(--color-error) 12%, transparent); padding: 1px 4px; border-radius: 3px; }
+  .sec-banner-warn code { font-family: monospace; font-size: 10px; background: color-mix(in srgb, var(--color-warn, var(--color-error)) 12%, transparent); padding: 1px 4px; border-radius: 3px; }
   .sec-pill-warn    { border-color: var(--color-error); color: var(--color-error); background: var(--color-error-bg); }
   .section-title-row { display: flex; align-items: center; justify-content: space-between; padding: var(--sp-3) var(--sp-3) var(--sp-2); }
   .section-title-row .section-title { padding: 0; }

src/lib/auth.ts

@@ -29,7 +29,7 @@ export function fetchAuthenticated(
     return fetch(url, {
       ...init,
       signal,
-      credentials: "include",
+      credentials: "omit",
       headers: {
         ...(init.headers as Record<string, string> ?? {}),
         ...(user && pass ? basicHeader(user, pass) : {}),
@@ -37,12 +37,13 @@ export function fetchAuthenticated(
     });
   }
 
-  return fetch(url, { ...init, signal });
+  return fetch(url, { ...init, signal, credentials: "omit" });
 }
 
 export async function loginBasic(user: string, pass: string): Promise<void> {
   const res = await fetch(`${getServerBase()}/api/graphql`, {
     method:      "POST",
+    credentials: "omit",
     headers:     { "Content-Type": "application/json", ...basicHeader(user, pass) },
     body:        JSON.stringify({ query: "{ __typename }" }),
     signal:      AbortSignal.timeout(5000),
@@ -71,15 +72,13 @@ export async function probeServer(): Promise<"ok" | "auth_required" | "unsupport
 
     const res = await fetch(`${base}/api/graphql`, {
       method:      "POST",
-      credentials: "include",
+      credentials: "omit",
       headers,
       body:        JSON.stringify({ query: "{ __typename }" }),
       signal:      AbortSignal.timeout(2000),
     });
 
-    if (res.ok) {
+    if (res.ok) return "ok";
-      return "ok";
-    }
 
     if (res.status === 401) {
       const wwwAuth = res.headers.get("WWW-Authenticate") ?? "";