app-dev built with --mode production was baking the PROD Supabase URL (.env)
into the bundle, so browser auth went cross-origin to supa.classroomcopilot.ai
and was CORS-blocked (and hit the wrong user store). Mirror the /__ccapi fix:
- Dockerfile: nginx /__supabase/ -> dev Supabase .94:8000 (+WS upgrade for realtime)
- supabaseClient.ts: resolve a leading-slash VITE_SUPABASE_URL against
window.location.origin so supabase-js gets an absolute same-origin URL
- docker-compose.dev.yml: bake VITE_SUPABASE_URL=/__supabase (like VITE_API_BASE)
Browser now talks only to the app host (Tailscale or LAN), no CORS, dev .94 store.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
nginx:alpine mime.types only covers .js, not .mjs. The pdfjs-dist v4
worker is output as pdf.worker-*.mjs; without the correct MIME type the
browser refuses to execute it as a module worker and pdfjs throws
'Network Error', blocking the PDF backdrop from rendering.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Vite hashes all JS/CSS assets, so those can be cached for 30 days.
But index.html must never be cached — it references the current hashes.
Caching index.html meant users ran old JS after deploys.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
