Lukas 0a350b3acc Optimize API client headers by method - only set Content-Type and CSRF header as needed ...

- Only set Content-Type header for requests with a body (POST, PUT, DELETE with body)
- Only set X-BanGUI-Request CSRF header for mutating methods (POST, PUT, DELETE, PATCH)
- GET, HEAD, OPTIONS requests no longer include unnecessary headers, reducing CORS preflights
- Update Web-Development.md to clarify conditional header behavior
- Add comprehensive tests for header behavior by HTTP method

This reduces unnecessary CORS preflight requests on GET endpoints while maintaining
CSRF protection on state-mutating requests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-04-29 19:52:17 +02:00

..

Architekture.md

Fix non-atomic setup persistence across DB contexts (Issue #30)

2026-04-29 19:19:53 +02:00

Backend-Development.md

Fix #34: Replace setup redirect allowlist prefix matching with explicit allowlist

2026-04-29 19:45:42 +02:00

Features.md

Fix issue #31: Make schedule reschedule deterministic and observable

2026-04-29 19:24:55 +02:00

Instructions.md

fix(security): Remove insecure session secret fallback in compose.debug.yml

2026-04-26 15:12:10 +02:00

Refactoring.md

Refactor: Split blocklist import flow into focused components

2026-04-27 18:34:11 +02:00

runner.csx

Refactor services and update documentation

2026-04-26 20:27:04 +02:00

Tasks.md

Optimize API client headers by method - only set Content-Type and CSRF header as needed

2026-04-29 19:52:17 +02:00

test.md

chore: add Docker config files and fix fail2ban bind mount path

2026-03-03 20:38:32 +01:00

Web-Design.md

Add skeleton loading components for progressive UX

2026-04-28 09:40:10 +02:00

Web-Development.md

Optimize API client headers by method - only set Content-Type and CSRF header as needed

2026-04-29 19:52:17 +02:00