Caught while reviewing the previous port-correction commit on this
branch. The CORS section still pointed to "Add :4201 once portal-admin
grows its own dev server" — but portal-admin has its dev server (on
:4300, not :4201), and the SPA will hit the BFF with credentials as
soon as the admin auth flow lands. Without the origin in the allowlist
the browser blocks the call and the developer chases a CORS error
instead of getting to work.
Updates the example to list both dev origins and points at
`apps/<app>/project.json` `serve.options.port` as the source of truth
so future readers don't have to grep for it.
Local `.env` is on the developer to update — this only touches
`.env.example`. Behaviour change is opt-in.
PR #129 baked `4201` into a few comments and test fixtures as the
admin SPA's dev port. The actual port wired in
`apps/portal-admin/project.json` `serve.options.port` is `4300` — the
Nx serve target listens on 4300 in dev. Aligning the references so a
contributor reading `.env.example` or the test fixtures sees the same
number their browser is hitting.
Touched:
- `apps/portal-bff/.env.example` — `ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI`
default + the surrounding comment.
- `apps/portal-bff/src/config/check-cors-allowlist.ts` — stale
doc-comment that pre-dated the portal-admin scaffolding.
- `auth.module.spec.ts`, `auth.controller.spec.ts`,
`auth.service.spec.ts`, `admin-auth.controller.spec.ts`,
`check-entra-config.spec.ts` — fixture `adminPostLogoutRedirectUri`
values. Tests don't depend on the port; aligned for clarity only.
No behaviour change. 278 specs still pass.