CORS Issue - Request credentials mode always set to 'include'

[MisterTimn]

We use this plugin to call pipeline triggers on our GitLab instance, these use simple requests, with an api token as a query parameter. Since updating Grafana to latest version we had to also update this button plugin (we couldn't see/edit any of the Rest Integration settings of the panel).

After updating the plugin we get CORS errors when using our buttons:

Access to fetch at 'https://our-gitlab-server.com/api/v4/projects/###/trigger/pipeline?ref=master&token=######&variables' from origin 'https://our-cluster-domain.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

We checked the code and saw that it is defaulting to setting credentials: true, even when not using any form of auth. I am not versed in typescript to make the necessary changes and am not familiar enough with CORS policies and such but I thought this might be a cause to our problem?

https://github.com/cloudspout/cloudspout-button-panel/blob/f5777a18fbe3333ca4cac477ac1fc252486f4c2b/src/ButtonPanel.tsx#L105-L113

[Jorgevillada]

hi @MisterTimn, can you check this PR? #46

[GOinfo-Ltd]

Hi. Any ETA on the fix being merged in ?