Without the leading dot, the auth_token cookie was only sent to the exact host homelab.local — not to finance.homelab.local, auth.homelab.local, etc. — so the forward-auth check failed on any subdomain after login.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
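
An added example, not part of the commit or the project's code: RFC 6265 cookie storage and domain matching, showing which hosts receive auth_token for a given Set-Cookie header. The hostnames come from the commit message; the Set-Cookie values, the helper names, the extra host nothomelab.local, and the "before" header having no Domain attribute (which RFC 6265 stores as host-only) are assumptions.

```javascript
// Added example: RFC 6265 cookie storage and domain matching (sections 5.1.3, 5.2.3, 5.3).
// IP-address hosts and public-suffix checks are omitted. Header values are constructed.

// True when `host` is `domain` itself or a subdomain of it (label boundary required).
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Parse one Set-Cookie header received from `requestHost` into a stored cookie.
function storeCookie(setCookie, requestHost) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  let domain = "";
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    const key = (eq < 0 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    if (key === "domain" && eq >= 0) {
      // Section 5.2.3: drop one leading dot, lowercase the rest.
      domain = attr.slice(eq + 1).trim().replace(/^\./, "").toLowerCase();
    }
  }
  const host = requestHost.toLowerCase();
  // No Domain attribute: host-only cookie, returned to the setting host alone.
  if (domain === "") return { name, domain: host, hostOnly: true };
  // A server may only scope a cookie to its own host or a parent domain.
  if (!domainMatch(host, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `host`?
function isSentTo(cookie, host) {
  const h = host.toLowerCase();
  return cookie.hostOnly ? h === cookie.domain : domainMatch(h, cookie.domain);
}

// Hosts from `hosts` that would receive the cookie set by `setCookie`.
function hostsReceiving(setCookie, requestHost, hosts) {
  const cookie = storeCookie(setCookie, requestHost);
  return cookie ? hosts.filter((h) => isSentTo(cookie, h)) : [];
}

// nothomelab.local is a constructed lookalike that must never match.
const HOSTS = ["homelab.local", "finance.homelab.local", "auth.homelab.local", "nothomelab.local"];
const BEFORE = "auth_token=constructed; Path=/; HttpOnly";
const AFTER = "auth_token=constructed; Domain=.homelab.local; Path=/; HttpOnly";

console.log("before:", hostsReceiving(BEFORE, "homelab.local", HOSTS));
console.log("after: ", hostsReceiving(AFTER, "homelab.local", HOSTS));
```

A domain-wide cookie is also attached to every other service under homelab.local, so each of them becomes part of the token's exposure surface.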