DocFast session 148: BUG-111 CORS staging fix + type safety
This commit is contained in:
Hoid
parent
79917c1e5c
commit
2fa9293e45
3 changed files with 30 additions and 2 deletions
|
|
@ -1,3 +1,11 @@
|
|||
## BUG-111: CORS blocks all frontend modals on staging — hardcoded production origin
|
||||
- **Date:** 2026-03-09
|
||||
- **Severity:** MEDIUM
|
||||
- **Issue:** CORS middleware in `src/index.ts` hardcodes `Access-Control-Allow-Origin: https://docfast.dev` for auth/billing routes (recover, email-change, billing, demo). When accessed from staging (`https://staging.docfast.dev`), browser blocks all XHR/fetch requests due to origin mismatch. All frontend modals on staging are broken.
|
||||
- **Impact:** Cannot test any frontend modal flows on staging (recover, email-change, demo, billing checkout). Staging is supposed to be a full test environment.
|
||||
- **Fix:** Make CORS origin dynamic — allow `https://staging.docfast.dev` when request comes from staging origin.
|
||||
- **Status:** ✅ FIXED — commit da049b7. Dynamic CORS origin with allowlist. 13 TDD tests added. 579 tests total.
|
||||
|
||||
## BUG-110: POST /v1/recover initial request still uses in-memory cache only — recovery email not sent across pods
|
||||
- **Date:** 2026-03-07
|
||||
- **Severity:** MEDIUM
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue