From d17e197a1b6cfb864ca25639b37a5a7eadd34f04 Mon Sep 17 00:00:00 2001
From: bunker-admin <admin@thebunkerops.ca>
Date: Tue, 7 Apr 2026 14:21:16 -0600
Subject: [PATCH] Fix Vite allowedHosts blocking production domains

Set allowedHosts to true since nginx handles Host header
validation. The previous `.${domain}` pattern used the
build-time DOMAIN value, which breaks when the same image
is deployed to a different domain.

Bunker Admin
---
 admin/vite.config.ts | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/admin/vite.config.ts b/admin/vite.config.ts
index b1d8da3d..7c20614d 100644
--- a/admin/vite.config.ts
+++ b/admin/vite.config.ts
@@ -15,12 +15,11 @@ export default defineConfig({
   server: {
     port: 3000,
     host: '0.0.0.0',
-    allowedHosts: [
-      `.${domain}`, // Allow all subdomains of configured domain
-      'changemaker-v2-admin', // Allow container hostname
-      'localhost',
-      '127.0.0.1',
-    ],
+    // Allow all hosts — nginx handles Host header validation in production.
+    // Vite's allowedHosts only sees the build-time DOMAIN value, which may
+    // differ from the runtime domain (e.g., image built for cmlite.org but
+    // deployed to wokemail.org).
+    allowedHosts: true,
     proxy: {
       '/api': {
         // Use env var with fallback: Docker uses container name, local uses localhost