You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2.0 KiB
2.0 KiB
+++ title = "[TRIAGE] Local dev CORS and Trunk API proxy config (trunk serve proxying to api on different port)" priority = 8 status = "done" ticket_type = "task" dependencies = [] +++
This is a triage decision ticket. It must be resolved before dependent implementation tickets can proceed. Local dev CORS and Trunk proxy config: during `trunk serve`, the UI runs on one port and the API on another. How do we handle cross-origin API calls in development? 1. **Trunk proxy** — configure Trunk to proxy `/api/*` requests to the API server. No CORS needed. Add to `Trunk.toml`. 2. **CORS middleware on API** — add `tower-http` CORS middleware to the Axum router, allowing localhost origins in development. 3. **Same-origin in production** — in production, both are served from the same Cloudflare account; in dev, use the Trunk proxy. **Chosen approach: Option 1 — Trunk proxy.**Rationale:
- Mirrors the production architecture: Cloudflare routes
/api/*to the Worker at the same domain as the Pages site. No CORS configuration is needed in production either. - Frontend uses relative URLs (
/api/quotes, nothttp://localhost:3000/api/quotes). The same paths work in both dev (Trunk proxies them) and production (Cloudflare routes them). - Zero CORS configuration: no
tower-httpCORS middleware, noAccess-Control-Allow-Originheaders. Simpler API, smaller attack surface. - Port: API runs on
localhost:3000viacargo run(plain Axum/Tokio for local dev).
Implementation:
Trunk.toml— add[[proxy]] rewrite = "/api" backend = "http://localhost:3000". See ticket 00d6d7.src/bin/ui/api.rs— use relative URLs only. See ticket 1e6a09.
Updated tickets: dc3d2b (Trunk.toml setup), 1e6a09 (API client module). Created ticket: 00d6d7 (dedicated implementation task for the proxy config).
`chore(quotesdb): resolve triage — local-dev-cors-and-trunk-api-proxy-config-trunk-serve-proxyi`