Update peerDependencies to accept React 18 or 19,
and update @types/react to ^19.0.0 for type compatibility.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Auth clients now use localStorage-based token headers instead of cookie
credentials. This provides cross-origin compatibility and clearer auth flow.
- analytics-client: Remove credentials: include from fetch calls
- sso-client: Add getAuthHeaders() helper for MFA components
- SSOClient core: Remove redundant credentials, keep Authorization headers
- Updated tests to match new header-based auth expectations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /api/ location block to nginx config for next.www.atlilith.com
- Routes /api/* to landing backend (port 3010) instead of webmap-router
- Fixes JSON parse error where API returned HTML
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace httpOnly cookies with localStorage + Authorization headers
- SSOClient: Add token storage methods, update all auth endpoints
- Auth controller: Return sessionId in response, read from headers
- Remove CookieConfig (no longer needed)
- Update privacy policy: "no cookies" messaging
Cross-origin cookie restrictions made this necessary for
multi-domain SSO flows.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>