From abe57621cd801bbe7033c50d6e5e88ff493f384d Mon Sep 17 00:00:00 2001 From: Jason Woltje Date: Mon, 16 Feb 2026 22:31:29 -0600 Subject: [PATCH] fix: add CORS env vars to Swarm/Portainer compose and log trusted origins The Swarm deployment uses docker-compose.swarm.portainer.yml, not the root docker-compose.yml. Add NEXT_PUBLIC_APP_URL, NEXT_PUBLIC_API_URL, and TRUSTED_ORIGINS to the API service environment. Also log trusted origins at startup for easier CORS debugging. Co-Authored-By: Claude Opus 4.6 --- apps/api/src/main.ts | 4 +++- docker-compose.swarm.portainer.yml | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/api/src/main.ts b/apps/api/src/main.ts index 19d7150..647f5bd 100644 --- a/apps/api/src/main.ts +++ b/apps/api/src/main.ts @@ -49,8 +49,10 @@ async function bootstrap() { // Configure CORS for cookie-based authentication // Origin list is shared with BetterAuth trustedOrigins via getTrustedOrigins() + const trustedOrigins = getTrustedOrigins(); + console.log(`[CORS] Trusted origins: ${JSON.stringify(trustedOrigins)}`); app.enableCors({ - origin: getTrustedOrigins(), + origin: trustedOrigins, credentials: true, // Required for cookie-based authentication methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"], allowedHeaders: ["Content-Type", "Authorization", "Cookie", "X-CSRF-Token", "X-Workspace-Id"], diff --git a/docker-compose.swarm.portainer.yml b/docker-compose.swarm.portainer.yml index 7079702..559886c 100644 --- a/docker-compose.swarm.portainer.yml +++ b/docker-compose.swarm.portainer.yml @@ -138,6 +138,10 @@ services: MOSAIC_TELEMETRY_API_KEY: ${MOSAIC_TELEMETRY_API_KEY:-} MOSAIC_TELEMETRY_INSTANCE_ID: ${MOSAIC_TELEMETRY_INSTANCE_ID:-} MOSAIC_TELEMETRY_DRY_RUN: ${MOSAIC_TELEMETRY_DRY_RUN:-false} + # Frontend URLs (for CORS and auth redirects) + NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL} + NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL} + TRUSTED_ORIGINS: ${TRUSTED_ORIGINS:-} healthcheck: test: [