Currently, the auth script does not support CORS, which means that it breaks with a security plugin like helmet.
Adding CORS support would allow us to use security features like COEP and SRI hashes.
I was attempting to add login support to my web page when the script refused to load and Fastify threw an error. (Yes, I was using fastify-helmet, but it’s a wrapper around helmet anyway.)