egutierrez 294905984c fix(membership): allow X-Unibus-* auth headers in CORS preflight ...

A browser signs every control-plane request with X-Unibus-Pub/Ts/Nonce/Sig
(busauth.signedHeaders). The CORS Allow-Headers only listed Content-Type and
Authorization, so the browser's preflight rejected the real request and the SPA
failed with 'Failed to fetch' on the first authenticated call (listRooms). Add the
four X-Unibus-* headers to Access-Control-Allow-Headers.

This was invisible to the Node smoke (fetch in Node does no CORS preflight); only a
real browser surfaced it. Verified live: enmanuel logs into uniweb against the
cluster and lists rooms. Regression test asserts the header is present.

2026-06-14 12:12:20 +02:00

cmd

feat(membershipd): --ws-port wires the embedded NATS WebSocket listener

2026-06-13 23:05:33 +02:00

deploy

feat(cluster): deploy browser WebSocket + CORS to the 3-node cluster

2026-06-13 23:23:52 +02:00

dev

docs(0007): spec encryption-at-rest del control plane (JetStream/SQLite en disco)

2026-06-07 20:34:35 +02:00

migrations

feat(membership): add 002_users.sql migration and user CRUD store

2026-06-07 12:23:11 +02:00

pkg

fix(membership): allow X-Unibus-* auth headers in CORS preflight

2026-06-14 12:12:20 +02:00

web

refactor: split web frontend + gateway out to uniweb app (bump 0.13.0)

2026-06-13 21:21:08 +02:00

.gitignore

feat(webgw): per-user wallet sessions + invite register

2026-06-08 21:21:33 +02:00

app.md

chore: bump unibus to 0.14.0 (browser-native client prep, Phase 0)

2026-06-13 22:21:51 +02:00

go.mod

fix(0005a): bump nats-server v2.10.22->v2.11.15 + toolchain go1.26.4 (close 16 CVEs)

2026-06-07 15:55:32 +02:00

go.sum

fix(0005a): bump nats-server v2.10.22->v2.11.15 + toolchain go1.26.4 (close 16 CVEs)

2026-06-07 15:55:32 +02:00

S

Description

Synced from fn_registry

51 MiB

Languages

Go 97.6%

Shell 2.4%