Goal
The portal must run unchanged inside a desktop webview and against externally hosted nodes. Today parts of the SPA assume same-origin serving. Make the API base URL and the transport layer injectable so the same build serves node-hosted, externally hosted, and desktop-shell deployments.
Workplan
- Audit every fetch/EventSource/upload path for same-origin and absolute-path assumptions
- Introduce one injected API base + transport wrapper used by all composables
- Make the auth flow (OIDC redirect, token storage) work from a non-served origin and a webview
- Document the injection contract for the desktop shell
Definition of Done
Test Concept
E2e suite runs once served from the node and once from a dev server pointing at a remote API.
Risks
Hidden same-origin assumptions in third-party components surface late.
Goal
The portal must run unchanged inside a desktop webview and against externally hosted nodes. Today parts of the SPA assume same-origin serving. Make the API base URL and the transport layer injectable so the same build serves node-hosted, externally hosted, and desktop-shell deployments.
Workplan
Definition of Done
Test Concept
E2e suite runs once served from the node and once from a dev server pointing at a remote API.
Risks
Hidden same-origin assumptions in third-party components surface late.