Bug Description
When self-hosting Cap using the default Docker Compose templates (docker-compose.yml or docker-compose.coolify.yml), logging in via the Chrome extension fails with a 400 Bad Request or an HttpApiDecodeError indicating redirectUri validation issues.
Steps to Reproduce
- Deploy Cap using the self-hosted Docker templates.
- Configure the Chrome Extension's Cap URL to point to your self-hosted instance (e.g.,
https://cap.yourdomain.com).
- Click "Log In" in the extension.
- The extension attempts to authenticate against
/api/extension/auth/start but receives a 400 Bad Request / failure.
Could not reach Cap extension auth at https://cap.yourdomain.com. Start the local web server with pnpm dev:extension and make sure the extension Options Cap URL is
https://cap.hapytek.com. Redirect URI: https://fefjaffcodfiogbbngmjkcjpbpclbdcp.chromiumapp.org/. 400
Technical Context
In packages/env/server.ts, the environment variable CAP_CHROME_EXTENSION_ID is used to validate the authorized Chrome extension ID. However:
CAP_CHROME_EXTENSION_ID is not mapped to the container in docker-compose.yml or docker-compose.coolify.yml under the cap-web service.
- The parameter is undocumented and missing from the env template files (e.g.,
docker-compose.coolify.env.example), making it impossible for self-hosted instances to authorize Chrome extension logins out-of-the-box.
Bug Description
When self-hosting Cap using the default Docker Compose templates (
docker-compose.ymlordocker-compose.coolify.yml), logging in via the Chrome extension fails with a400 Bad Requestor anHttpApiDecodeErrorindicatingredirectUrivalidation issues.Steps to Reproduce
https://cap.yourdomain.com)./api/extension/auth/startbut receives a400 Bad Request/ failure.Technical Context
In
packages/env/server.ts, the environment variableCAP_CHROME_EXTENSION_IDis used to validate the authorized Chrome extension ID. However:CAP_CHROME_EXTENSION_IDis not mapped to the container indocker-compose.ymlordocker-compose.coolify.ymlunder thecap-webservice.docker-compose.coolify.env.example), making it impossible for self-hosted instances to authorize Chrome extension logins out-of-the-box.