Controls how Ketesa sends cookies and credentials when making API requests. Most deployments don't need to touch this — the default works fine for standard setups. You'll typically only need it when adding a reverse-proxy authentication layer in front of your homeserver.
When to change it:
include— use this when you have cookie-based auth in front of your homeserver (e.g., ForwardAuth with Authelia). Cookies will be forwarded with every request regardless of origin.omit— use this if your setup explicitly must not send any cookies (rare; usually for strict security policies).same-origin— the default; works for the vast majority of deployments.
| Value | When to use | Behavior |
|---|---|---|
same-origin (default) |
Standard deployments | Cookies sent only for same-origin requests |
include |
Cookie-based auth (ForwardAuth, Authelia, etc.) | Cookies sent with every request |
omit |
Strict no-cookie policies | Cookies never sent |
{
"corsCredentials": "include"
}{
"cc.etke.ketesa": {
"corsCredentials": "include"
}
}