adjusted to more secure nginx config
Some checks failed
PHPUnit / test (push) Has been cancelled

This commit is contained in:
2026-06-16 10:49:20 +02:00
parent 3d738bb14e
commit 0add7c62e9
5 changed files with 39 additions and 14 deletions

View File

@ -1,4 +1,29 @@
const API_BASE = '../api';
/**
* Resolve API base for sibling (/website + /api) or subpath (/prefix/ + /prefix/api) layouts.
* Override per deploy: <script>window.QDB_API_BASE = '/nat-as-server/api';</script>
*/
function resolveApiBase() {
if (typeof window !== 'undefined' && window.QDB_API_BASE) {
return String(window.QDB_API_BASE).replace(/\/$/, '');
}
const fromRelative = new URL('../api', window.location.href);
const relPath = fromRelative.pathname.replace(/\/$/, '');
const pageDir = window.location.pathname.replace(/\/[^/]*$/, '/') || '/';
const mount = pageDir.split('/').filter(Boolean)[0];
// Subpath deploy: /prefix/ is aliased to website/, so ../api wrongly becomes /api
if (mount && mount !== 'api' && mount !== 'website' && relPath === '/api') {
return `/${mount}/api`;
}
return relPath;
}
const API_BASE = resolveApiBase();
/** Build a URL under the API base (path may include query string). */
export function apiUrl(endpoint) {
const clean = String(endpoint).replace(/^\//, '').replace(/\.php(\?|$)/, '$1');
return `${API_BASE}/${clean}`;
}
function getToken() {
return localStorage.getItem('qdb_token');
@ -107,7 +132,7 @@ async function apiFetch(endpoint, options = {}) {
// Strip .php suffix for clean URLs
const cleanEndpoint = endpoint.replace(/\.php(\?|$)/, '$1');
const res = await fetch(`${API_BASE}/${cleanEndpoint}`, { ...options, headers });
const res = await fetch(apiUrl(cleanEndpoint), { ...options, headers });
if (res.status === 401 || res.status === 403) {
await handleAuthResponse(res);