From ef0c29d295d8335539475334cc6d4fbb5199a80e Mon Sep 17 00:00:00 2001
From: Kaio Oliveira <kaolivei@redhat.com>
Date: Tue, 17 Mar 2026 00:13:30 -0300
Subject: [PATCH] fix: default RESOURCE_SERVER__URL to None to restore
 standalone auth

After we merged this [1], all user-facing API access to EDA must goes
through the AAP gateway when deployed as part of the platform.

However, RESOURCE_SERVER__URL defaults to "https://localhost", which
causes the JWT-only authentication override in default.py to fire
unconditionally. This breaks session-based UI login for standalone
deployments.

Setting the default to None ensures SessionAuthentication is preserved
unless RESOURCE_SERVER__URL is explicitly configured, which
only happens when deployed behind the AAP Gateway.

The reason this didn't break any development scenarios, "task docker:up"
or similar is because docker-compose-dev.yaml sets EDA_MODE=development,
which loads up development_defaults.py instead, which then sets
RESOURCE_SERVER["URL"] to None by default.

[1] https://github.com/ansible/eda-server/pull/1495
---
 src/aap_eda/settings/defaults.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/aap_eda/settings/defaults.py b/src/aap_eda/settings/defaults.py
index 825460e8b..079f83be7 100644
--- a/src/aap_eda/settings/defaults.py
+++ b/src/aap_eda/settings/defaults.py
@@ -193,7 +193,7 @@
 # DJANGO ANSIBLE BASE RESOURCE API CLIENT
 # --------------------------------------------------------
 
-RESOURCE_SERVER__URL: Optional[str] = "https://localhost"
+RESOURCE_SERVER__URL: Optional[str] = None
 RESOURCE_SERVER__SECRET_KEY: Optional[str] = ""
 RESOURCE_SERVER__VALIDATE_HTTPS: bool = False
 RESOURCE_JWT_USER_ID: Optional[str] = None