Currently, the frontend is only calling for the manifests at build time, which is weird. But with cold (lukewarm?) starts, it can take 8 seconds. I would like it to take much less.
Also, we should open up CORS a little to make it easy while developing. Here are thoughts from Claude
CORS is wired up — but pinned to exactly https://thegardens.ai. Production works; local dev
(http://localhost:4321) and any GH Pages preview origins (e.g., https://garden-ai.github.io) will be blocked.
access-control-allow-origin: https://thegardens.ai
access-control-allow-credentials: true
vary: Origin
The good news: the server is doing per-origin matching (note Vary: Origin), not just hardcoded *, so adding more
origins is a quick allowlist addition for your colleague.
Recommendation: while the colleague is in there, ask them to add http://localhost:4321 (Astro dev) and either
https://garden-ai.github.io or whatever preview origin you use. In the meantime, we have two reasonable paths:
Currently, the frontend is only calling for the manifests at build time, which is weird. But with cold (lukewarm?) starts, it can take 8 seconds. I would like it to take much less.
Also, we should open up CORS a little to make it easy while developing. Here are thoughts from Claude