905 B
905 B
| id | title | status | assignee | created_date | labels | dependencies | parent_task_id | priority | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TASK-51.4 | Phase 4: Simplify EncryptID and WebAuthn for single domain | To Do | 2026-02-25 07:47 |
|
|
TASK-51 | medium |
Description
Prune WebAuthn Related Origins, JWT audience claims, and CORS allowedOrigins now that all modules are on rspace.online.
Files: server/index.ts (.well-known/webauthn), public/.well-known/webauthn, src/encryptid/session.ts (JWT aud), src/encryptid/server.ts (allowedOrigins + HTML templates).
Acceptance Criteria
- #1 Passkey login works on rspace.online
- #2 No CORS errors for auth flows
- #3 JWT aud is rspace.online only
- #4 .well-known/webauthn no longer lists standalone domains