Commit Graph

61 Commits

Author SHA1 Message Date
Stefan Hardegger
5a48ebcfeb Implement shared HTML sanitization configuration
**Backend Changes:**
- Add html-sanitization-config.json with allowedTags, allowedAttributes, and allowedCssProperties
- Create HtmlSanitizationConfigDto for configuration data transfer
- Update HtmlSanitizationService to load configuration from JSON file with fallback
- Add HtmlSanitizationController with public API endpoint at /api/config/html-sanitization
- Update SecurityConfig to allow public access to /api/config/** endpoints

**Frontend Changes:**
- Add configApi.getHtmlSanitizationConfig() to fetch backend configuration
- Create sanitization.ts utility with sanitizeHtml() and sanitizeHtmlSync() functions
- Update story reading page to use shared sanitization configuration
- Add preloadSanitizationConfig() for early configuration loading
- Handle TrustedHTML type conversion and DOMPurify config compatibility

**Benefits:**
- Consistent HTML sanitization rules between frontend and backend
- Centralized configuration in JSON file for easy maintenance
- Automatic fallback to safe defaults if configuration loading fails
- API-driven approach allows runtime configuration updates
- Maintains security while providing flexibility for content formatting

Resolves HTML sanitization inconsistencies and provides foundation for configurable content safety rules.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-23 16:18:03 +02:00
Stefan Hardegger
f2001e0d0c Add CORS support for production domain
- Add STORYCOVE_CORS_ALLOWED_ORIGINS environment variable to docker-compose.yml
- Include production domain https://storycove.sharyavin.synology.me in allowed origins
- Update SecurityConfig to read from environment variable with fallback
- Maintains localhost support for development while enabling production access
- Fixes "Invalid CORS request" error on deployed application

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-23 14:58:59 +02:00
Stefan Hardegger
23f31defde Escape nginx variables in docker-compose.yml for Portainer
- Double all $ characters in nginx config ($$host, $$http_upgrade, etc.)
- Prevents Docker Compose from interpreting nginx vars as environment variables
- Fixes "invalid number of arguments in proxy_set_header directive" error
- Ensures proper nginx variable passing in embedded config

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-23 14:44:55 +02:00
Stefan Hardegger
9f3bee826b Fix nginx configuration for Portainer deployment
- Remove quotes from Connection header value to fix nginx parsing error
- Simplify Cache-Control header to avoid argument parsing issues
- Clean up embedded nginx config formatting for better compatibility
- Resolves "invalid number of arguments in proxy_set_header directive" error

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-23 14:38:50 +02:00
Stefan Hardegger
c0a2c68d94 trying to fix the nginx config in docker 2025-07-23 14:24:22 +02:00
Stefan Hardegger
f86fbc39d8 isolate network in docker 2025-07-23 14:15:09 +02:00
Stefan Hardegger
ff31bb219f Set Port 2025-07-23 13:57:21 +02:00
Stefan Hardegger
d69bed00a2 MVP Version 2025-07-23 12:28:48 +02:00
Stefan Hardegger
59d29dceaf initial working version 2025-07-22 21:49:40 +02:00
Stefan Hardegger
bebb799784 Backend implementation 2025-07-21 10:46:11 +02:00
Stefan Hardegger
68c7c8115f Initial Setup 2025-07-21 08:47:52 +02:00