fix: configure CORS to allow frontend and PWA domains

- Update backend main.ts to include www.placebo.mk in allowed origins
- Add logging to show which origins are allowed
- Set FRONTEND_URL, PWA_URL, STRAPI_URL env vars in docker-compose
- This fixes 'No Access-Control-Allow-Origin header' CORS errors

backend/src/main.ts

@@ -6,11 +6,15 @@ import { JwtAuthPublicGuard } from './modules/auth/jwt-auth-public.guard';
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
 
+  // Build allowed origins list from environment variables
   const allowedOrigins = [
     process.env.FRONTEND_URL ?? 'http://localhost:5173',
+    'https://www.placebo.mk', // Also allow www subdomain
     process.env.PWA_URL ?? 'http://localhost:5174',
     process.env.STRAPI_URL ?? 'http://localhost:1337',
-  ];
+  ].filter(Boolean); // Remove any undefined/null values
+
+  console.log('CORS enabled for origins:', allowedOrigins);
 
   app.enableCors({
     origin: allowedOrigins,

docker-compose.coolify.yml

@@ -77,8 +77,9 @@ services:
       DATABASE_LOGGING: 'false'
       JWT_SECRET: ${JWT_SECRET}
       JWT_EXPIRATION: '86400'
-      CORS_ORIGIN: https://placebo.mk,https://www.placebo.mk,https://app.placebo.mk
+      FRONTEND_URL: https://placebo.mk
-      STRAPI_URL: http://cms:1337
+      PWA_URL: https://app.placebo.mk
+      STRAPI_URL: https://cms.placebo.mk
       STRAPI_API_TOKEN: ${STRAPI_API_TOKEN}
       VAPID_SUBJECT: ${VAPID_SUBJECT:-mailto:contact@placebo.mk}
       VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY}