deboste 96547f68a3 fix(frontend): use URL origin for fetch/EventSource to support reverse proxy auth ...

When Hermes WebUI runs behind a reverse proxy with HTTP basic auth
(e.g. Caddy basic_auth), browsers embed credentials in the page URL.
The Fetch API and EventSource reject requests constructed from URLs
that include credentials (per Fetch spec, all modern browsers).

Fix: construct all fetch() and EventSource URLs via
new URL(path, location.origin) which strips credentials from the
base URL. Add credentials:"include" to ensure auth headers are
forwarded on each request.

2026-03-31 15:00:38 +00:00

6.5 KiB

Raw Blame History

View Raw