louis/gigafibre-fsm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ops/TaskNode): drop credentials:'include' on job-delete fetch

Browse Source 
The hub responds with `Access-Control-Allow-Origin: *`, and the CORS
spec forbids the wildcard + credentials combination. Firefox rejects
the preflight before any response reaches JS, surfacing as
"NetworkError when attempting to fetch resource" when a user clicks
"Supprimer cette tâche" on an already-completed step (or any step).

Every other HUB_URL call in the ops SPA already omits credentials —
aligning TaskNode with the rest of the codebase is the simplest fix.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
louispaulb 2026-04-23 10:57:57 -04:00
parent ba4b5bae82
commit 60e300335b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/ops/src/components/shared/TaskNode.vue
View File

@ -329,10 +329,13 @@ function confirmDelete () {
persistent: true, persistent: true,
}).onOk(async () => { }).onOk(async () => {
try { try {
// NB: no `credentials: 'include'` the hub responds with
// `Access-Control-Allow-Origin: *`, and that combination is forbidden
// by the CORS spec (browsers reject the preflight as NetworkError).
// Every other hub call in this SPA follows the same pattern.
const res = await fetch(`${HUB_URL}/dispatch/job-delete`, { const res = await fetch(`${HUB_URL}/dispatch/job-delete`, {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
credentials: 'include',
body: JSON.stringify({ job: props.job.name }), body: JSON.stringify({ job: props.job.name }),
}) })
const body = await res.json().catch(() => ({})) const body = await res.json().catch(() => ({}))