From a2119b8bfda827d4443207acb2ffe6422c818ad7 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Tue, 7 Apr 2026 00:05:33 +0200
Subject: [PATCH] fix: remove Host header from admin tenant bootstrap calls

ADMIN_ENDPOINT is http://localhost:3002, but bootstrap sent
Host: PUBLIC_HOST:3002 which didn't match. Let curl use the
default Host from LOGTO_ADMIN_ENDPOINT (logto:3002) which Logto
resolves to the admin tenant internally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 docker/logto-bootstrap.sh | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/docker/logto-bootstrap.sh b/docker/logto-bootstrap.sh
index 3b0f269..10a68e7 100644
--- a/docker/logto-bootstrap.sh
+++ b/docker/logto-bootstrap.sh
@@ -98,8 +98,6 @@ M_DEFAULT_SECRET=$(psql -h "$PG_HOST" -U "$PG_USER" -d "$PG_DB_LOGTO" -t -A -c \
 get_admin_token() {
   curl -s -X POST "${LOGTO_ADMIN_ENDPOINT}/oidc/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
-    -H "Host: ${HOST}:3002" \
-    \
     -d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
 }
 
@@ -391,8 +389,6 @@ if [ -z "$M_ADMIN_SECRET" ]; then
 else
   ADMIN_TOKEN_RESPONSE=$(curl -s -X POST "${LOGTO_ADMIN_ENDPOINT}/oidc/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
-    -H "Host: ${HOST}:3002" \
-    \
     -d "grant_type=client_credentials&client_id=m-admin&client_secret=${M_ADMIN_SECRET}&resource=${ADMIN_MGMT_RESOURCE}&scope=all")
   ADMIN_TOKEN=$(echo "$ADMIN_TOKEN_RESPONSE" | jq -r '.access_token' 2>/dev/null)
 
@@ -404,14 +400,14 @@ else
 
     # Admin-tenant API helpers (port 3002, admin token)
     admin_api_get() {
-      curl -s -H "Authorization: Bearer $ADMIN_TOKEN" -H "Host: ${HOST}:3002" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || echo "[]"
+      curl -s -H "Authorization: Bearer $ADMIN_TOKEN" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || echo "[]"
     }
     admin_api_post() {
-      curl -s -X POST -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3002" \
+      curl -s -X POST -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" \
         -d "$2" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || true
     }
     admin_api_patch() {
-      curl -s -X PATCH -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}:3002" \
+      curl -s -X PATCH -H "Authorization: Bearer $ADMIN_TOKEN" -H "Content-Type: application/json" \
         -d "$2" "${LOGTO_ADMIN_ENDPOINT}${1}" 2>/dev/null || true
     }