fix: set allow_credentials to False so that we no longer see CORS err…

[sethalt]

…ors when accessing from IFrame

Status	Ticket/Issue
Ready/Hold	Ticket

Main changes

• Set allow_credentials to false because the wildcard cors configuration with allow credentials causes CORS errors when the accessing domain is not pi-top.com, e.g. when in Iframe

Screenshots (feature, test output, profiling, dev tools etc)

[insert screenshots here]

Other notes (e.g. implementation quirks, edge cases, questions / issues)

Manual testing tips

Tag anyone who definitely needs to review or help

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.42%. Comparing base (65a6262) to head (9068a9d).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #193   +/-   ##
=======================================
  Coverage   73.42%   73.42%           
=======================================
  Files          42       42           
  Lines        1994     1994           
=======================================
  Hits         1464     1464           
  Misses        530      530           

Flag	Coverage Δ
unittests	73.42% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.