Files
Hermes Agent 5d87e4975c Add HttpOnly cookie auth for cross-domain SPA login
Problem: Frontend JS bundle used credentials:'same-origin' which
dropped cookies on cross-domain requests. Login worked (200) but
the subsequent /auth/me check returned 401, leaving the user stuck
on the login screen.

Fix:
- AuthController now sets a dtp_jwt HttpOnly cookie on login/refresh
- Cookie uses Domain=.fahrschultermin.de (shared between frontend
  and api subdomain), Secure, SameSite=Lax, Max-Age=8h
- JwtMiddleware reads JWT from Authorization header OR cookie
- Added AuthController::me() endpoint (was missing, caused 500)
- Logout endpoint clears the cookie
- Frontend index.php patches fetch() to use credentials:'include'
  for all /api/v1/* calls
2026-06-04 20:33:31 +02:00

27 lines
990 B
HTML
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>fahrschuldesk.de Erfolgreich eingerichtet</title>
<style>
body { font-family: sans-serif; line-height: 1.6; max-width: 800px; margin: 2rem auto; padding: 0 1rem; }
h1 { color: #2c3e50; }
.box { background: #f8f9fa; border-left: 4px solid #3498db; padding: 1rem; margin: 1.5rem 0; }
code { background: #eee; padding: 0.2rem 0.4rem; border-radius: 3px; }
</style>
</head>
<body>
<h1>✅ fahrschuldesk.de ist betriebsbereit</h1>
<p>Diese Seite wurde automatisch vom WebhostingStack erzeugt.</p>
<div class="box">
<strong>Nächste Schritte:</strong>
<ul>
<li>Ersetze diesen Inhalt durch deine eigene Website.</li>
<li>Lade Dateien in das öffentliche Verzeichnis dieser Domain hoch.</li>
<li>Für PHPAnwendungen lege eine <code>index.php</code> an.</li>
</ul>
</div>
<p><small>Server: core</small></p>
</body>
</html>