Both auth flows now navigate to the app domain rather than the
auth.cameleer.io subdomain:
PUBLIC_AUTH_SIGNIN_URL → https://app.cameleer.io/sign-in
PUBLIC_AUTH_SIGNUP_URL → https://app.cameleer.io/sign-in?first_screen=register
Updated:
- .env.example (the canonical reference values)
- OPERATOR-CHECKLIST.md (deploy-time secret values)
- src/config/auth.test.ts (test fixtures)
- src/middleware.ts (CSP-comment about <a> navigation target)
- src/pages/privacy.astro (visitor-facing external-links section
in §6 of the privacy policy)
The auth.ts validator stays strict-https — the new URLs are still
absolute https URLs, just on a different host. Logto itself may
still run at auth.cameleer.io as the OIDC backend; only the
visitor-facing /sign-in entry point moved.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
