Cross-Site cookies enabled
This commit is contained in:
ValueOn AG
parent
16a930e79b
commit
8b4a00de70
1 changed files with 3 additions and 0 deletions
|
|
@ -14,9 +14,12 @@ Skip: reine Refactors, Formatting, Lint, Dep-Bumps, Test-only, Wiki-Tippfehler.
|
|||
|
||||
## 2026-05-08
|
||||
|
||||
- 2026-05-08 | fix | gateway | JWT cookies: SameSite=None+Secure when APP_API_URL is HTTPS (cross-origin SPA+API); SameSite=Lax on HTTP localhost. Fixes credentialed API calls when UI and gateway differ by site. CSRF middleware unchanged.
|
||||
- 2026-05-08 | chore | frontend-nyla | config/.env.{dev,int,prod}: keep only VITE_API_BASE_URL and VITE_APP_NAME; removed unused flags and duplicated Entra/secret keys (backend owns secrets). env.d.ts aligned.
|
||||
- 2026-05-08 | refactor | frontend-nyla | Remove MSAL from UI: deleted authConfig.ts + AuthProvider.tsx, rewrote ProtectedRoute (sessionStorage-only), removed useMsalRegister, simplified logout, uninstalled @azure/msal-browser + @azure/msal-react. All auth logic lives in gateway.
|
||||
- 2026-05-08 | chore | frontend-nyla | Rename env files: `.env.{dev,int,prod}` → `env-poweron-nyla-{dev,int,prod}.env` (naming matches workflow). Updated workflows, .gitignore, README.
|
||||
- 2026-05-08 | chore | gateway | Rename env files: `env_{dev,int,prod,prod_forgejo}.env` → `env-gateway-{dev,int,prod,prod-forgejo}.env`. Updated GitHub/Forgejo workflows, deploy-gcp, .gitignore, .dockerignore, .gcloudignore, Dockerfile, scripts.
|
||||
- 2026-05-08 | chore | gateway | Domain migration poweron-center.net → poweron.swiss: APP_API_URL, CORS origins, OAuth redirect URIs (MSFT, Google, ClickUp) in env-gateway-{int,prod,dev}. Updated billing email and doc URLs in stripeCheckout.py, datamodelTeamsbot.py.
|
||||
|
||||
## 2026-05-06
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue