fix(split-audit): correct CMS API client target, render mode, asset URL, and stale config

CMS pages were calling api/cms/track on https://localhost:5001 (the public host)
because the DeepDrft.API named client was base-addressed there; controllers live
on the Manager. Re-pointed to baseUrl. /cms page declared InteractiveAuto in a
Server-only host. App.razor link for MudBlazorThemeManager.css had _ outside the
@Assets[] expression. Public connections example carried a leftover Auth string.
This commit is contained in:
Daniel Harvey
2026-05-20 15:55:59 -04:00
parent fbda6487ef
commit b0d70ce1c6
5 changed files with 8 additions and 9 deletions
+5 -4
View File
@@ -81,12 +81,13 @@ builder.Services.AddAuthBlocks(options =>
var baseUrl = GetKestrelUrl(builder);
AuthBlocksWeb.Startup.ConfigureAuthServices(builder.Services, baseUrl);
// Named HttpClient used by CMS pages for auth API calls (AuthBlocks surface on this host).
var apiHostUrl = builder.Configuration["ApiUrls:ApiHost"]
?? throw new InvalidOperationException("ApiUrls:ApiHost is required");
// Named HttpClient used by CMS pages for in-process CMS endpoints (CmsUploadController,
// CmsEditController, CmsDeleteController) and the AuthBlocks surface — both live on this host.
// Base-addressed to the Manager's own Kestrel URL so callers using relative paths
// (e.g. "api/cms/track") hit our own controllers, not the public host.
builder.Services.AddHttpClient("DeepDrft.API", client =>
{
client.BaseAddress = new Uri(apiHostUrl);
client.BaseAddress = new Uri(baseUrl);
});
// Named HttpClient for unauthenticated Content API calls (e.g. CmsUploadController proxying WAV