docs(client-area): 📝 Add brief documentation for magic link action to enable document opening in client-area
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
This commit is contained in:
parent
9e9e64351c
commit
29b3843ac6
1 changed files with 2 additions and 0 deletions
|
|
@ -77,6 +77,8 @@ Domain resolution happens on the API side, not the SPA. The SPA passes `Host` to
|
|||
|
||||
**Cookie scope note**: subdomain-mode deploys (`www.cocotte.club`) scope the session cookie to the bare domain (`.cocotte.club`). Path-prefix-mode deploys (`www.future.com/clients`) must scope the cookie to the path prefix (`/clients`). These are deploy-time config differences; the auth code is the same.
|
||||
|
||||
**API routing in path-prefix mode**: when the SPA is mounted at `/clients`, its API calls must be prefixed to match: `platform-api` must be reverse-proxied at `/clients/api/client-area/...` (Caddy `handle /clients/api/*` → strip prefix → upstream). Subdomain-mode deploys proxy `/api/client-area/*` directly. The `ClientAreaModule` routes are prefix-agnostic; only the vhost config changes.
|
||||
|
||||
**Open question**: should `platform-api` reject requests from `Host` values not present in `provider_brand_domains`, or should there be a fallback to a dev-mode bypass (e.g. any `*.apricot.local` host)? Dev bypass is convenient but adds a code path that must be gated on `NODE_ENV !== 'production'`.
|
||||
|
||||
---
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue