From 7b362066bb8c9fed8b90a18d4b9335d0c1306608 Mon Sep 17 00:00:00 2001
From: Till JS
Date: Fri, 8 May 2026 18:07:39 +0200
Subject: [PATCH] feat(auth): SSO + CORS origins for zitare.mana.how/zitare-api.mana.how
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Adds the two zitare hostnames to PRODUCTION_TRUSTED_ORIGINS in sso-origins.ts and to the mana-auth CORS_ORIGINS in docker-compose.macmini.yml. Pre-condition for the first Zitare live-cut on the Mac Mini — the running mana-auth container must be rebuilt for the new TRUSTED_ORIGINS list to take effect (see zitare/DEPLOY.md Schritt 3). sso-config.spec.ts asserts symmetry between sso-origins.ts and the CORS_ORIGINS env in compose. Test runs 8/8 green after this change.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 docker-compose.macmini.yml | 2 +-
 services/mana-auth/src/auth/sso-origins.ts | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/docker-compose.macmini.yml b/docker-compose.macmini.yml
index f5b83e469..09aac5bdb 100644
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@@ -250,7 +250,7 @@ services:
 # Enforced by services/mana-auth/src/auth/sso-config.spec.ts.
 # All productivity modules now live under mana.how (path-based) —
 # no per-module subdomain entries required here.
- CORS_ORIGINS: https://mana.how,https://auth.mana.how,https://whopxl.mana.how,https://cardecky.mana.how,https://cardecky-api.mana.how,https://memoro-app.mana.how
+ CORS_ORIGINS: https://mana.how,https://auth.mana.how,https://whopxl.mana.how,https://cardecky.mana.how,https://cardecky-api.mana.how,https://memoro-app.mana.how,https://zitare.mana.how,https://zitare-api.mana.how
 ports:
 - "3001:3001"
 healthcheck:
diff --git a/services/mana-auth/src/auth/sso-origins.ts b/services/mana-auth/src/auth/sso-origins.ts
index 528d392b9..3c0ad9b03 100644
--- a/services/mana-auth/src/auth/sso-origins.ts
+++ b/services/mana-auth/src/auth/sso-origins.ts
@@ -28,6 +28,8 @@ export const PRODUCTION_TRUSTED_ORIGINS = [
 'https://cardecky.mana.how', // Cardecky spaced-repetition spinoff (own SvelteKit container, not the unified app)
 'https://cardecky-api.mana.how', // Cardecky marketplace + community backend (cards-server)
 'https://memoro-app.mana.how', // Memoro web SPA (separate deploy under mana e.V.)
+ 'https://zitare.mana.how', // Zitare app shell (SvelteKit static SPA, Cookie-SSO consumer)
+ 'https://zitare-api.mana.how', // Zitare backend API (Hono+Bun, JWT-bearer consumer)
 ] as const;
 /** Local dev origins — web dev server + the auth server itself. */
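Review bot: `'https://zitare-api.mana.how'` is annotated as a JWT-bearer consumer, which suggests it never takes part in the cookie-based SSO flow, so it is not obvious why it belongs in PRODUCTION_TRUSTED_ORIGINS (and in the mirrored CORS_ORIGINS value in docker-compose.macmini.yml). How the list is consumed is outside this hunk, but if it gates credentialed cross-origin requests to mana-auth, every listed host is one whose content can act with a user's session, and an API host that serves no browser pages adds exposure without a matching need. Either drop the entry from both lists or state the reason in the comment, e.g. `// Zitare backend API (Hono+Bun, JWT-bearer consumer); trusted because <reason>`. The existing cardecky-api entry follows the same pattern and may deserve the same check.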