Skip to content

fix(auth): build verification email URL from ALLOWED_ORIGINS#899

Merged
nimish-ks merged 1 commit into
mainfrom
fix/verify-email-url-from-allowed-origins
May 21, 2026
Merged

fix(auth): build verification email URL from ALLOWED_ORIGINS#899
nimish-ks merged 1 commit into
mainfrom
fix/verify-email-url-from-allowed-origins

Conversation

@nimish-ks
Copy link
Copy Markdown
Member

@nimish-ks nimish-ks commented May 21, 2026
edited
Loading

Summary

Backend was reading NEXT_PUBLIC_BACKEND_API_BASE to build verification email links — but that's a Next.js browser-bundle var, not reliably injected on the backend container. When empty, signups got malformed http:///auth/verify-email/<token>/ links.

Swap to FRONTEND_URL (already derived from ALLOWED_ORIGINS.

@nimish-ks
fix(auth): build verification email URL from ALLOWED_ORIGINS
a410c8b 
The backend was reading NEXT_PUBLIC_BACKEND_API_BASE — a Next.js
browser-bundle env var that isn't reliably injected on the backend
container — to construct verification email links. When unset, signups
got malformed links like http:///auth/verify-email/<token>/.

Switch to FRONTEND_URL (already derived from ALLOWED_ORIGINS at module
load) plus the /service prefix that nginx (self-host) and the prod ALB
both route to the backend. Same convention as the invite-email link in
api/emails.py.
@nimish-ks nimish-ks self-assigned this May 21, 2026
@nimish-ks nimish-ks merged commit a6e0395 into main May 21, 2026
14 checks passed
@nimish-ks nimish-ks deleted the fix/verify-email-url-from-allowed-origins branch May 21, 2026 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rohan-chaturvedi rohan-chaturvedi rohan-chaturvedi approved these changes

Assignees

@nimish-ks nimish-ks

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nimish-ks @rohan-chaturvedi