bert.hausmans
28727f246b
Remove apps/admin/ entirely — platform admin functionality now lives in apps/app/ under /platform/* routes for super_admin users. Production URL scheme changed: - Organizer app: crewli.app (was app.crewli.app) - Portal: portal.crewli.app (unchanged) - API: api.crewli.app (unchanged) - admin.crewli.app and app.crewli.app retired Backend: - Removed FRONTEND_ADMIN_URL config and admin cookie (crewli_admin_token) from SetAuthCookie, CookieBearerToken, cors.php, app.php - Updated .env and .env.example (two origins, no port 5173) - Updated cookie test: admin origin test → unknown origin fallback test Infrastructure: - Makefile: removed admin target - deploy/nginx: updated CSP comment, removed admin vhost - Updated README.md, CLAUDE.md, and all dev-docs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
40 lines
992 B
PHP
40 lines
992 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
return [
|
|
|
|
/*
|
|
|--------------------------------------------------------------------------
|
|
| Cross-Origin Resource Sharing (CORS) Configuration
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| Here you may configure your settings for cross-origin resource sharing
|
|
| or "CORS". This determines what cross-origin operations may execute
|
|
| in web browsers. You are free to adjust these settings as needed.
|
|
|
|
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
|
|
|
|
*/
|
|
|
|
'paths' => ['api/*', 'sanctum/csrf-cookie'],
|
|
|
|
'allowed_methods' => ['*'],
|
|
|
|
'allowed_origins' => [
|
|
env('FRONTEND_APP_URL', 'http://localhost:5174'),
|
|
env('FRONTEND_PORTAL_URL', 'http://localhost:5175'),
|
|
],
|
|
|
|
'allowed_origins_patterns' => [],
|
|
|
|
'allowed_headers' => ['*'],
|
|
|
|
'exposed_headers' => [],
|
|
|
|
'max_age' => 0,
|
|
|
|
'supports_credentials' => true,
|
|
|
|
];
|