fix: update cors to allow same-origin

server/server.js

@@ -44,7 +44,7 @@ async function saveVotes(votes) {
 // Middleware
 app.use(cors({
   origin: process.env.NODE_ENV === 'production' 
-    ? ['https://s22.ethanf.gg'] 
+    ? true // Allow same origin in production since frontend and backend are on same domain
     : FRONTEND_URL,
   credentials: true,
   methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
@@ -63,7 +63,7 @@ app.use(session({
     maxAge: 24 * 60 * 60 * 1000, // 24 hours
     httpOnly: true,
     sameSite: process.env.NODE_ENV === 'production' ? 'lax' : 'lax',
-    domain: process.env.NODE_ENV === 'production' ? '.ethanf.gg' : undefined
+    domain: process.env.NODE_ENV === 'production' ? 'ethanf.gg' : undefined // Remove the dot prefix
   },
   name: 's22poll.sid'
 }));
@@ -112,7 +112,9 @@ app.get('/auth/steam/return',
   passport.authenticate('steam', { failureRedirect: '/' }),
   (req, res) => {
     console.log('User authenticated:', req.user);
-    res.redirect(FRONTEND_URL);
+    // In production, redirect to root since frontend and backend are on same domain
+    const redirectUrl = process.env.NODE_ENV === 'production' ? '/' : FRONTEND_URL;
+    res.redirect(redirectUrl);
   }
 );
 

src/services/api.ts

@@ -1,7 +1,7 @@
 import type { MapOption } from "../types";
 
 const API_BASE_URL = import.meta.env.PROD 
-  ? 'https://s22.ethanf.gg' 
+  ? '' // Empty string for same-origin requests in production
   : 'http://localhost:3001';
 
 const apiCall = async (endpoint: string, options: RequestInit = {}) => {