fix(auth): override credentials header on OAuth CORS entries

waleedlatif1 · waleedlatif1 · commit 59fc08490db8 · 2026-02-20T13:36:09.000-08:00
diff --git a/apps/sim/next.config.ts b/apps/sim/next.config.ts
@@ -152,6 +152,7 @@ const nextConfig: NextConfig = {
       {
         source: '/api/auth/oauth2/:path*',
         headers: [
+          { key: 'Access-Control-Allow-Credentials', value: 'false' },
           { key: 'Access-Control-Allow-Origin', value: '*' },
           { key: 'Access-Control-Allow-Methods', value: 'GET, POST, OPTIONS' },
           {
@@ -163,6 +164,7 @@ const nextConfig: NextConfig = {
       {
         source: '/api/auth/jwks',
         headers: [
+          { key: 'Access-Control-Allow-Credentials', value: 'false' },
           { key: 'Access-Control-Allow-Origin', value: '*' },
           { key: 'Access-Control-Allow-Methods', value: 'GET, OPTIONS' },
           { key: 'Access-Control-Allow-Headers', value: 'Content-Type, Accept' },
@@ -171,6 +173,7 @@ const nextConfig: NextConfig = {
       {
         source: '/api/auth/.well-known/:path*',
         headers: [
+          { key: 'Access-Control-Allow-Credentials', value: 'false' },
           { key: 'Access-Control-Allow-Origin', value: '*' },
           { key: 'Access-Control-Allow-Methods', value: 'GET, OPTIONS' },
           { key: 'Access-Control-Allow-Headers', value: 'Content-Type, Accept' },

Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,7 @@ const nextConfig: NextConfig = {`
`152`	`152`	`{`
`153`	`153`	`source: '/api/auth/oauth2/:path*',`
`154`	`154`	`headers: [`
	`155`	`+ { key: 'Access-Control-Allow-Credentials', value: 'false' },`
`155`	`156`	`{ key: 'Access-Control-Allow-Origin', value: '*' },`
`156`	`157`	`{ key: 'Access-Control-Allow-Methods', value: 'GET, POST, OPTIONS' },`
`157`	`158`	`{`
`@@ -163,6 +164,7 @@ const nextConfig: NextConfig = {`
`163`	`164`	`{`
`164`	`165`	`source: '/api/auth/jwks',`
`165`	`166`	`headers: [`
	`167`	`+ { key: 'Access-Control-Allow-Credentials', value: 'false' },`
`166`	`168`	`{ key: 'Access-Control-Allow-Origin', value: '*' },`
`167`	`169`	`{ key: 'Access-Control-Allow-Methods', value: 'GET, OPTIONS' },`
`168`	`170`	`{ key: 'Access-Control-Allow-Headers', value: 'Content-Type, Accept' },`
`@@ -171,6 +173,7 @@ const nextConfig: NextConfig = {`
`171`	`173`	`{`
`172`	`174`	`source: '/api/auth/.well-known/:path*',`
`173`	`175`	`headers: [`
	`176`	`+ { key: 'Access-Control-Allow-Credentials', value: 'false' },`
`174`	`177`	`{ key: 'Access-Control-Allow-Origin', value: '*' },`
`175`	`178`	`{ key: 'Access-Control-Allow-Methods', value: 'GET, OPTIONS' },`
`176`	`179`	`{ key: 'Access-Control-Allow-Headers', value: 'Content-Type, Accept' },`