Pi-hole doesn't send CORS headers on failed authentication
When calling the Pi-hole API /api/auth with a wrong password, Pi-hole doesn't include CORS headers in the response.
The result: impossible to distinguish between these three cases:
The box is unreachable
The password is wrong
An actual network error
All three situations look identical on the client side just a failed request with no useful information. It would be great if Pi-hole consistently sent CORS headers even on authentication failures.
Has anyone else noticed this?