The SPA is now served behind a same-origin reverse proxy (Caddy) that
fronts both bus planes, so the data layer reaches them through the page's
own origin instead of a hardcoded cluster node IP. This removes CORS
entirely and hides the cluster IPs behind the proxy.
- BUS_HTTP falls back to the relative path /api (the signed HTTPS control
plane), resolved against the page origin by ControlPlane's fetch.
- BUS_WS falls back to a wss URL derived from window.location (same host,
scheme mirroring https/http, path /nats), since a browser WebSocket needs
an absolute ws(s) URL.
- The raw self-signed-IP fallback (https://51.91.100.142:8470, wss://...:8480)
is gone. The VITE_BUS_HTTP / VITE_BUS_WS build-time overrides remain for a
dev setup that points straight at a cluster node.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
egutierrez
e12894099f