fix(http): CORS credentials incompatible with wildcard headers

Author: devwhodevs

src/http.rs

@@ -343,8 +343,11 @@ fn cors_layer(origins: &[String]) -> CorsLayer {
     CorsLayer::new()
         .allow_origin(origins)
         .allow_methods([Method::GET, Method::POST, Method::OPTIONS])
-        .allow_headers(Any)
-        .allow_credentials(true)
+        .allow_headers([
+            axum::http::header::AUTHORIZATION,
+            axum::http::header::CONTENT_TYPE,
+            axum::http::header::ACCEPT,
+        ])
 }
 
 // ---------------------------------------------------------------------------