1ebdc5f0b3
- Set SameSite=lax for auth & CSRF cookies in development (cross-port) - Set refresh_token cookie path to / (was /auth, preventing cross-port send) - Await params in Next.js 15 async server components (layout, listings, agents) - Add CSRF token to web-vitals POST requests - Fix: 401 Unauthorized on all authenticated API calls from web app - Fix: CSRF token missing on POST requests from different port - Fix: params.locale sync access warning in generateMetadata Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
3.6 KiB
3.6 KiB