Simon

> I wasn't actually proposing the fix. I was just documenting what works: Ah, I'm sorry, I misread the issue description. > If you need to change the code so...

> There are many ways to disable CORS for the browser or use an extension to change incoming CORS headers. These extensions may be useful in development scenarios, but an...

Thank you! Splitting the initialization into two parts seems to work: ```ts const roomState: Partial = { needsPersist: false, id: roomId, }; roomState.room = new TLSocketRoom({ initialSnapshot, onSessionRemoved(room, args) {...

@TodePond Sorry, can you explain how #5979 fixes the issue I described in the description of this issue? The changes do not seem to modify the code in question.

> Is there any specific reason we could not use the current environment variable and determine if the configured username is an org or user? > > A call to...

> Due to that, I would love to do a refactoring and add tests for this particular part of the tool. Otherwise future requirements are likely to break existing functionality...

Are you using TLS? Can you provide more information about the deployment (e.g. Helm chart values)? And are you sure that there's not an HTTP(S) loadbalancer in front of the...

Okay. That's odd. I tried this out on my own cluster using the Helm chart and the following (minimal) values file: ```yml auth: password: "some-password" master: service: type: "LoadBalancer" ports:...

The problem still exists.

I've further isolated the issue: The problem only occurs if `ALLOW_EMPTY_PASSWORD` is enabled. This worked when using 10.11, i.e. the service got healthy.