add ZERO_MUTATE_URL and no-op mutate endpoint for zero-cache auth passthrough

2026-04-25 00:36:31 +02:00 · 2026-03-24 16:25:13 +02:00 · 2026-03-24 16:25:13 +02:00 · 5c98f1c717
commit 5c98f1c717
parent 0e49cc33f8
4 changed files with 16 additions and 2 deletions
--- a/docker/.env.example
+++ b/docker/.env.example
@ -85,13 +85,20 @@ EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
 # ZERO_CVR_DB=postgresql://surfsense:surfsense@db:5432/surfsense
 # ZERO_CHANGE_DB=postgresql://surfsense:surfsense@db:5432/surfsense

-# URL where zero-cache sends queries for resolution (server-to-server).
-# Default: http://frontend:3000/api/zero/query (Docker service networking).
+# ZERO_QUERY_URL: where zero-cache forwards query requests for resolution.
+# ZERO_MUTATE_URL: required by zero-cache when auth tokens are used, even though
+#   SurfSense does not use Zero mutators. Setting both URLs tells zero-cache to
+#   skip its own JWT verification and let the app endpoints handle auth instead.
+#   The mutate endpoint is a no-op that returns an empty response.
+# Default: Docker service networking (http://frontend:3000/api/zero/...).
 # Override when running the frontend outside Docker:
 #   ZERO_QUERY_URL=http://host.docker.internal:3000/api/zero/query
+#   ZERO_MUTATE_URL=http://host.docker.internal:3000/api/zero/mutate
 # Override for custom domain:
 #   ZERO_QUERY_URL=https://app.yourdomain.com/api/zero/query
+#   ZERO_MUTATE_URL=https://app.yourdomain.com/api/zero/mutate
 # ZERO_QUERY_URL=http://frontend:3000/api/zero/query
+# ZERO_MUTATE_URL=http://frontend:3000/api/zero/mutate

 # ------------------------------------------------------------------------------
 # Database (defaults work out of the box, change for security)