Same-origin requests omit the Origin header, which was rejected in
production. Also restrict to WebSocket transport on both client and
server to eliminate need for sticky sessions with multiple replicas.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The checkAuth useEffect was overwriting the legal page view state
with 'login' when unauthenticated users navigated directly to
/terms, /privacy, or /support.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove unused normalizeIssue and JIRA_STORY_POINTS_FIELD env var
- Add URL routing for /terms, /privacy, /support pages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full-stack app with Express/Socket.io backend, React frontend,
NATS JetStream for state, and Atlassian Jira OAuth integration.
Includes security hardening: NATS auth support, KV bucket TTL
enforcement, CAS retry for race conditions, error message
sanitization, and OAuth state stored in NATS KV.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
