What is the issue with the Fetch Standard?
When loading https://rodericksdentalpartners.portal.dental/, it makes a CORS-preflight fetch to https://p-euw1-d1-rest.portal.dental/api/pusher/auth with one of the request headers being Authorization and the server responds with access-control-allow-headers: *.
The current spec disallows this, but Firefox, Chrome and Safari allow it. Firefox is the only one to provide a compatibility warning that it will soon disallow it, but doesn't seem to have seen activity related to this for a couple of years: https://bugzilla.mozilla.org/show_bug.cgi?id=1687364
What is the issue with the Fetch Standard?
When loading
https://rodericksdentalpartners.portal.dental/, it makes a CORS-preflight fetch tohttps://p-euw1-d1-rest.portal.dental/api/pusher/authwith one of the request headers beingAuthorizationand the server responds withaccess-control-allow-headers: *.The current spec disallows this, but Firefox, Chrome and Safari allow it. Firefox is the only one to provide a compatibility warning that it will soon disallow it, but doesn't seem to have seen activity related to this for a couple of years: https://bugzilla.mozilla.org/show_bug.cgi?id=1687364