fix(auth): resolve 401 errors caused by cookie loss during 307 redirects

zachlagden · claude · zachlagden · commit 681ab74d7bd8 · 2026-02-05T22:52:01.000Z
Add proxy-headers and forwarded-allow-ips to uvicorn so it reads
X-Forwarded-Proto from Traefik and uses the correct https scheme in
redirect URLs. Fix JS API calls to use trailing-slash URLs, avoiding
the 307 redirect that was dropping the Secure session cookie.

Co-Authored-By: Claude &lt;noreply@anthropic.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -39,4 +39,4 @@ EXPOSE 8080
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
     CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8080/health')" || exit 1
 
-CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8080"]
+CMD ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8080", "--proxy-headers", "--forwarded-allow-ips", "*"]
diff --git a/src/static/js/app_dashboard.js b/src/static/js/app_dashboard.js
@@ -25,7 +25,7 @@ async function fetchDashboardData() {
     try {
         // Fetch user data
         const userResponse = await $.ajax({
-            url: '/api/me',
+            url: '/api/me/',
             method: 'GET',
             dataType: 'json',
         });
diff --git a/src/static/js/app_settings.js b/src/static/js/app_settings.js
@@ -5,7 +5,7 @@ let userData = null;
 async function fetchUserData() {
     try {
         const response = await $.ajax({
-            url: '/api/me',
+            url: '/api/me/',
             method: 'GET',
             dataType: 'json',
         });
