- AZURE_AD_REDIRECT_URI set to https://optical-dev.oliver.solutions/ppt-tool/
- Root page intercepts ?code= from Azure AD and forwards to backend callback
- Post-OAuth redirect uses NEXT_PUBLIC_BASE_PATH env var (/ppt-tool/dashboard)
- Cookie secure flag driven by COOKIE_SECURE env var (true in prod)
- Dev login now works alongside Azure AD when DEV_AUTH_PASSWORD is set
- Login page shows both Microsoft SSO and dev form when both modes enabled
- docker-compose.prod.yml: add COOKIE_SECURE=true and NEXT_PUBLIC_BASE_PATH
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
In Compose v5, !reset resets a key to its default (empty) and ignores
the provided values. !override replaces the existing list entirely,
which is the correct behaviour for restricting ports to 127.0.0.1.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Docker Compose merges port lists from multiple -f files by concatenation.
Without !reset, both 0.0.0.0:8000:8000 (base) and 127.0.0.1:8000:8000
(prod override) are applied simultaneously, causing "port already allocated".
!reset clears the list before applying prod-specific bindings (requires
Docker Compose v2.24+, available in current docker-compose-plugin via apt).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
