Users report that Hugging Face Spaces' edge proxy is now stripping the Access-Control-Allow-Credentials header from OPTIONS preflight requests, even when explicitly configured in Express middleware. The header is missing in responses despite code that sets it and includes a wildcard middleware for OPTIONS requests, suggesting the proxy intercepts and modifies the response before it reaches the backend container.