claude-relay 2.1.2 → 2.1.3

package/lib/pages.js

@@ -444,8 +444,9 @@ function checkHttps() {
 
   var ac = new AbortController();
   setTimeout(function() { ac.abort(); }, 3000);
-  fetch(httpsUrl + "/info", { signal: ac.signal })
+  fetch(httpsUrl + "/info", { signal: ac.signal, mode: "no-cors" })
     .then(function() {
+      // Any response (even opaque/401) means TLS handshake succeeded = cert is trusted
       certStatus.className = "check-status ok";
       certStatus.textContent = "HTTPS connection verified. Certificate is trusted.";
       certNext.disabled = false;
@@ -614,7 +615,7 @@ if (!isHttps && !isLocal) {
     if (!info.httpsUrl) { init(); return; }
     var ac = new AbortController();
     setTimeout(function() { ac.abort(); }, 3000);
-    fetch(info.httpsUrl + "/info", { signal: ac.signal })
+    fetch(info.httpsUrl + "/info", { signal: ac.signal, mode: "no-cors" })
       .then(function() { location.replace(info.httpsUrl + "/setup"); })
       .catch(function() { init(); });
   }).catch(function() { init(); });

package/lib/server.js

@@ -262,7 +262,10 @@ function createServer(opts) {
     // Global info endpoint (auth required)
     if (req.method === "GET" && req.url === "/info") {
       if (!isAuthed(req, authToken)) {
-        res.writeHead(401, { "Content-Type": "application/json" });
+        res.writeHead(401, {
+          "Content-Type": "application/json",
+          "Access-Control-Allow-Origin": "*",
+        });
         res.end('{"error":"unauthorized"}');
         return;
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-relay",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "description": "Web UI for Claude Code. Any device. Push notifications.",
   "bin": {
     "claude-relay": "./bin/cli.js"