15:46 <FromGitter> <dyakubovich> Hello. I try to configure Amber::Pipe::CORS.new for cross-origin request. I added additional origins and extra header `X-Auth-Key`. On the frontend app i use `fetch` with options `credentials: 'include'`. It is working good, but if i add extra header `X-Auth-Key` to request, i will get 403 CORS error. Any idea how to send extra header with `credentials: 'include'` ? It's code example: ⏎ ⏎ ```code paste,

15:46 <FromGitter> ... see link``` [https://gitter.im/amberframework/amber?at=5f283152b6f7406a740618d0]

15:58 <FromGitter> <Blacksmoke16> looks like `GET` isnt in the valid method list by default? https://github.com/amberframework/amber/blob/master/src/amber/pipes/cors.cr#L22

16:00 <FromGitter> <Blacksmoke16> nvm, that var isnt used anywhere anyway

16:01 <FromGitter> <Blacksmoke16> only for preflight*

16:06 <FromGitter> <dyakubovich> Yes, thank you @Blacksmoke16 , problem was in method list by default

16:07 <FromGitter> <Blacksmoke16> oh it was failing the OPTIONS request?

16:09 <FromGitter> <dyakubovich> I added `GET` to the methods `methods = %w(GET POST PUT PATCH DELETE)` and `plug Amber::Pipe::CORS.new(origins: origins, headers: headers, methods: methods, credentials: true)` . So now it works

16:12 <FromGitter> <Blacksmoke16> but it was making an `OPTIONS` request?

16:13 <FromGitter> <dyakubovich> Yes

16:13 <FromGitter> <Blacksmoke16> i so that would make sense, `credentials` option is prob setting a cookie header which isnt a "safe" header so it triggers a preflight

17:47 <FromGitter> <samholst> @drujensen https://github.com/amberframework/amber/issues/1224, issue created :)

18:20 <FromGitter> <drujensen> Thank you.