From b0d70ce1c6737309095e3ae30df4a3225c852675 Mon Sep 17 00:00:00 2001 From: Daniel Harvey Date: Wed, 20 May 2026 15:55:59 -0400 Subject: [PATCH] fix(split-audit): correct CMS API client target, render mode, asset URL, and stale config CMS pages were calling api/cms/track on https://localhost:5001 (the public host) because the DeepDrft.API named client was base-addressed there; controllers live on the Manager. Re-pointed to baseUrl. /cms page declared InteractiveAuto in a Server-only host. App.razor link for MudBlazorThemeManager.css had _ outside the @Assets[] expression. Public connections example carried a leftover Auth string. --- DeepDrftCms/Pages/Cms/Index.razor | 2 +- DeepDrftManager/Program.cs | 9 +++++---- DeepDrftManager/appsettings.json | 1 - DeepDrftPublic/Components/App.razor | 2 +- DeepDrftPublic/connections.example.json | 3 +-- 5 files changed, 8 insertions(+), 9 deletions(-) diff --git a/DeepDrftCms/Pages/Cms/Index.razor b/DeepDrftCms/Pages/Cms/Index.razor index 6c6b688..bd25e95 100644 --- a/DeepDrftCms/Pages/Cms/Index.razor +++ b/DeepDrftCms/Pages/Cms/Index.razor @@ -1,5 +1,5 @@ @page "/cms" -@rendermode InteractiveAuto +@rendermode InteractiveServer @using AuthBlocksWeb.HierarchicalAuthorize @attribute [HierarchicalRoleAuthorize("Admin")] diff --git a/DeepDrftManager/Program.cs b/DeepDrftManager/Program.cs index b6b5fdf..54d66bf 100644 --- a/DeepDrftManager/Program.cs +++ b/DeepDrftManager/Program.cs @@ -81,12 +81,13 @@ builder.Services.AddAuthBlocks(options => var baseUrl = GetKestrelUrl(builder); AuthBlocksWeb.Startup.ConfigureAuthServices(builder.Services, baseUrl); -// Named HttpClient used by CMS pages for auth API calls (AuthBlocks surface on this host). -var apiHostUrl = builder.Configuration["ApiUrls:ApiHost"] - ?? throw new InvalidOperationException("ApiUrls:ApiHost is required"); +// Named HttpClient used by CMS pages for in-process CMS endpoints (CmsUploadController, +// CmsEditController, CmsDeleteController) and the AuthBlocks surface — both live on this host. +// Base-addressed to the Manager's own Kestrel URL so callers using relative paths +// (e.g. "api/cms/track") hit our own controllers, not the public host. builder.Services.AddHttpClient("DeepDrft.API", client => { - client.BaseAddress = new Uri(apiHostUrl); + client.BaseAddress = new Uri(baseUrl); }); // Named HttpClient for unauthenticated Content API calls (e.g. CmsUploadController proxying WAV diff --git a/DeepDrftManager/appsettings.json b/DeepDrftManager/appsettings.json index 1923106..e76c964 100644 --- a/DeepDrftManager/appsettings.json +++ b/DeepDrftManager/appsettings.json @@ -7,7 +7,6 @@ }, "AllowedHosts": "*", "ApiUrls": { - "ApiHost": "https://localhost:5001", "ContentApi": "https://content.deepdrft.com" }, "ForwardedHeaders": { diff --git a/DeepDrftPublic/Components/App.razor b/DeepDrftPublic/Components/App.razor index b2689a0..35c6ee7 100644 --- a/DeepDrftPublic/Components/App.razor +++ b/DeepDrftPublic/Components/App.razor @@ -8,7 +8,7 @@ - + diff --git a/DeepDrftPublic/connections.example.json b/DeepDrftPublic/connections.example.json index 8439f83..058cdc2 100644 --- a/DeepDrftPublic/connections.example.json +++ b/DeepDrftPublic/connections.example.json @@ -1,6 +1,5 @@ { "ConnectionStrings": { - "DefaultConnection": "Host=localhost;Port=5433;Database=postgres;Username=postgres;Password=your-password-here", - "Auth": "Host=localhost;Port=5433;Database=postgres;Username=postgres;Password=your-password-here" + "DefaultConnection": "Host=localhost;Port=5433;Database=postgres;Username=postgres;Password=your-password-here" } }