Browser clients using the Idempotency-Key header for request deduplication were blocked by CORS preflight because the header was not listed in Access-Control-Allow-Headers. Add Idempotency-Key to _CORS_HEADERS and add tests for both the new header allowance and the existing Vary: Origin behavior.

Co-authored-by: aydnOktay <aydnOktay@users.noreply.github.com>
Co-authored-by: Hermes Agent <hermes@nousresearch.com>
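The preflight check the commit message describes, as an added sketch that is not the project's code: the origin, the two header lists and the function names are assumptions chosen for illustration, and only the Idempotency-Key and Vary: Origin behaviour comes from the message.

```python
# Added illustration. Every value below is constructed; the project's real
# _CORS_HEADERS contents are not shown on the page.
ALLOWED_ORIGINS = {"https://app.example"}             # hypothetical origin
HEADERS_BEFORE = "Authorization, Content-Type"        # assumed old allow-list
HEADERS_AFTER = HEADERS_BEFORE + ", Idempotency-Key"  # the change described


def _names(header_list):
    """Split a comma-separated header list into lower-cased names."""
    return {h.strip().lower() for h in header_list.split(",") if h.strip()}


def preflight_response(origin, allow_headers):
    """Response headers a server would return for an OPTIONS preflight."""
    # Vary: Origin is sent in both branches so a shared cache never replays
    # a response computed for one origin to a different one.
    if origin not in ALLOWED_ORIGINS:
        return {"Vary": "Origin"}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Headers": allow_headers,
        "Vary": "Origin",
    }


def browser_allows(origin, requested_headers, response):
    """Mimic the browser side: the origin must match and every name from
    Access-Control-Request-Headers must be in Access-Control-Allow-Headers.
    Header names compare case-insensitively."""
    if response.get("Access-Control-Allow-Origin") != origin:
        return False
    allowed = _names(response.get("Access-Control-Allow-Headers", ""))
    return _names(requested_headers) <= allowed


def demo():
    """Return (blocked_before, allowed_after) for a POST that carries
    Content-Type and Idempotency-Key from the hypothetical origin."""
    origin = "https://app.example"
    requested = "content-type, idempotency-key"
    before = browser_allows(origin, requested,
                            preflight_response(origin, HEADERS_BEFORE))
    after = browser_allows(origin, requested,
                           preflight_response(origin, HEADERS_AFTER))
    return (not before, after)


if __name__ == "__main__":
    print(demo())
```
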