fix: Route all banner API calls through Next.js proxy (SSL cert fix)

Browser blocks direct calls to backend-compliance:8093 due to self-signed SSL certificate. All banner API calls now go through Next.js API proxy at /api/sdk/v1/banner/* which runs server-side. - New catch-all proxy: /api/sdk/v1/banner/[[...path]]/route.ts Maps to backend-compliance:8002/api/compliance/banner/* - Preview page: uses /api/sdk/v1/banner/ instead of https://macmini:8093 - CMP Dashboard: uses proxy for banner stats + compliance proxy for DSR/einwilligungen - Fixes: banner not closeable due to API errors, consent not saving Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-03 08:53:20 +02:00
parent bb2ebd03cd
commit e8b5c90a49
3 changed files with 87 additions and 14 deletions
@@ -11,11 +11,10 @@ import Link from 'next/link'
 * but with EWR-Only as unique differentiator.
 */

-const API_BASE = typeof window !== 'undefined'
-  ? (process.env.NEXT_PUBLIC_SDK_URL || `${window.location.protocol}//${window.location.hostname}:8093`)
-  : ''
+// Use Next.js API proxy to avoid SSL cert issues
+const BANNER_API = '/api/sdk/v1/banner'
 const TENANT_ID = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'
-const HEADERS = { 'X-Tenant-ID': TENANT_ID }
+const HEADERS = { 'x-tenant-id': TENANT_ID }

 interface BannerStats { total_consents: number; category_acceptance: Record<string, { count: number; rate: number }> }
 interface ConsentStats { total_consents: number; active_consents: number; revoked_consents: number; unique_users: number; conversion_rate: number }
@@ -59,12 +58,13 @@ export default function CMPDashboardPage() {

  useEffect(() => {
    async function load() {
-      const f = (url: string) => fetch(`${API_BASE}${url}`, { headers: HEADERS }).then(r => r.ok ? r.json() : null).catch(() => null)
+      const fb = (path: string) => fetch(`${BANNER_API}/${path}`, { headers: HEADERS }).then(r => r.ok ? r.json() : null).catch(() => null)
+      const fa = (path: string) => fetch(`/api/sdk/v1/compliance/${path}`, { headers: HEADERS }).then(r => r.ok ? r.json() : null).catch(() => null)
      const [banner, consent, dsr, siteList] = await Promise.all([
-        f('/banner/admin/stats/preview-test-site'),
-        f('/einwilligungen/consents/stats'),
-        f('/dsr/stats'),
-        f('/banner/admin/sites'),
+        fb('admin/stats/preview-test-site'),
+        fa('einwilligungen/consents/stats'),
+        fa('dsr/stats'),
+        fb('admin/sites'),
      ])
      setBannerStats(banner)
      setConsentStats(consent)
@@ -17,9 +17,8 @@ import {
 * This page runs OUTSIDE the SDK layout to simulate a real website experience.
 */

-const API_BASE = typeof window !== 'undefined'
-  ? (process.env.NEXT_PUBLIC_SDK_URL || `${window.location.protocol}//${window.location.hostname}:8093`)
-  : ''
+// Use Next.js API proxy to avoid SSL cert issues with direct backend calls
+const API_BASE = '/api/sdk/v1/banner'
 const SITE_ID = 'preview-test-site'
 const TENANT_ID = '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e'

@@ -63,7 +62,7 @@ export default function CookieBannerPreviewPage() {
      try {
        const res = await fetch(
          `${API_BASE}/banner/consent?site_id=${SITE_ID}&device_fingerprint=${fingerprint}`,
-          { headers: { 'X-Tenant-ID': TENANT_ID } },
+          { headers: { 'x-tenant-id': TENANT_ID } },
        )
        if (res.ok) {
          const data = await res.json()
@@ -91,7 +90,7 @@ export default function CookieBannerPreviewPage() {
    try {
      const res = await fetch(`${API_BASE}/banner/consent`, {
        method: 'POST',
-        headers: { 'Content-Type': 'application/json', 'X-Tenant-ID': TENANT_ID },
+        headers: { 'Content-Type': 'application/json', 'x-tenant-id': TENANT_ID },
        body: JSON.stringify({
          site_id: SITE_ID,
          device_fingerprint: fingerprint,