fix(middleware): add Access-Control-Allow-Credentials header for CORS compliance

Author: Rock-520

backend/magic-service/app/Infrastructure/Util/Middleware/CorsMiddleware.php

@@ -21,6 +21,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         $response = Context::get(ResponseInterface::class);
         $response = $response
             ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader('Access-Control-Allow-Credentials', 'true')
             ->withHeader('Access-Control-Allow-Headers', 'DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization,application-code,organization-code,x-forwarded-user,token,request-id,Language,api-key')
             ->withHeader('Access-Control-Allow-Methods', '*')
             ->withHeader('Request-Id', CoContext::getOrSetRequestId());

backend/super-magic/app/api/middleware/options_middleware.py

@@ -35,6 +35,7 @@ async def dispatch(self, request: Request, call_next):
             response.headers["Access-Control-Allow-Origin"] = "*"
             response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS, PATCH"
             response.headers["Access-Control-Allow-Headers"] = "*"
+            response.headers["Access-Control-Allow-Credentials"] = "true"
             response.headers["Access-Control-Max-Age"] = "3600"
             return response