Always allow set credentials header

Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs

@@ -52,12 +52,10 @@ namespace Jellyfin.Server.Middleware
                     && string.Equals(headerValue, "*", StringComparison.Ordinal))
                 {
                     context.Response.Headers[HeaderNames.AccessControlAllowOrigin] = context.Request.Host.Value;
-                    _logger.LogDebug("Overwriting CORS response header: {HeaderName}: {HeaderValue}", HeaderNames.AccessControlAllowOrigin, context.Request.Host.Value);
 
-                    if (!context.Response.Headers.ContainsKey(HeaderNames.AccessControlAllowCredentials))
+                    // Always allow credentials.
-                    {
+                    context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true";
-                        context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true";
+                    _logger.LogDebug("Overwriting CORS response header: {HeaderName}: {HeaderValue}", HeaderNames.AccessControlAllowOrigin, context.Request.Host.Value);
-                    }
                 }
             }