Feature Request: Send CORS headers even on failed authentication
It would be very helpful if Pi-hole consistently sent CORS headers on every response, including authentication failures.
Why?
Currently, when calling the Pi-hole API (/api/auth) with a wrong password, Pi-hole doesn't include CORS headers in the response. As a result, it becomes impossible to distinguish between these three cases:
- The box is unreachable
- The password is wrong
- An actual network error
All three situations look identical on the client side just a failed request with no useful information.
Thank you for considering this!