1ea607829c
Three issues found while debugging shared-book links: - /s cover was a broken <img>: the page runs under COEP: require-corp (for Turso SharedArrayBuffer), and the cover redirects to a cross-origin R2 presigned URL that can't carry a Cross-Origin-Resource-Policy header, so the browser blocked it. R2 already has CORS, but that's a different header — a plain no-cors <img> needs CORP, which presigned URLs can't set. Serve /s with COEP: credentialless, which keeps the page cross-origin isolated (the Turso replica still boots there) while allowing the image. Scoped to /s; every other route keeps require-corp. - Android share links (https://web.readest.com/s/{token}) were run through the article clipper: useClipUrlIngress excluded annotation links but not share links, so they fell through to clip_url/readability. Skip parseShareDeepLink URLs — useOpenShareLink owns that path. - In-app book import failed with "Origin null is not allowed": the importer fetched /share/{token}/download with the renderer's fetch, and on the app (tauri.localhost -> web -> R2) the second cross-origin redirect nulls the request Origin, which R2's CORS rejects. Use the native HTTP client (tauriFetch) on the app — it follows the redirect and ignores CORS, needs no server change, and works against the deployed server. Web is unaffected: its fetch's redirect to R2 is the first cross-origin hop, so the Origin is preserved and R2 allows it. Adds unit tests (middleware COEP per route, clipper skips share links, download route 302, importer uses native HTTP on app and the renderer fetch on web). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>