Scenarios & Samples
Three concrete .env configurations covering the deployment models from
Chapter 1, using FlowStudio's real environment variable names.
(a) Local Development
FlowStudio's Vite dev server runs on localhost:6005; the Flow API runs on
localhost:10001. Vite's dev server proxy forwards any request under /api to
the API, so the browser only ever sees requests to its own origin
(localhost:6005) — meaning VITE_API_BASE_URL can stay empty.
.env.localVITE_API_BASE_URL=
VITE_TENANT_ID=1
VITE_GOOGLE_CLIENT_ID=
vite.config.ts — dev server proxyserver: {
port: 6005,
proxy: {
'/api': {
target: 'https://localhost:10001',
changeOrigin: true,
secure: false
}
}
}
A relative fetch from the app (e.g. to /api/v1/project/projects/list) resolves against
http://localhost:6005, and Vite's dev proxy transparently forwards it to
https://localhost:10001. No CORS problem, no absolute URL needed.
(b) Inline Production
Both FlowStudio and the Flow API are served from the same public origin,
https://qa.grippingly.com, with FlowStudio living under the
/flowstudio/ path. VITE_API_BASE_URL is left empty so
calculateApiUrl() resolves it to the page's own origin at runtime.
.env.production (inline deployment)VITE_API_BASE_URL=
VITE_TENANT_ID=1
VITE_GOOGLE_CLIENT_ID=<production-client-id>
VITE_BASE_URL=/flowstudio/
/api
Every API client endpoint constant already carries its own leading /api/v1/...
segment (e.g. /api/v1/atlas/forms/list). If VITE_API_BASE_URL is
explicitly set to /api, the final request becomes
https://qa.grippingly.com/api/api/v1/atlas/forms/list — a 404, because the URL builder
does a plain string concatenation with no de-duplication. See
Chapter 2.4 for the full
explanation of this exact bug.
(c) Independent Server
FlowStudio is deployed to its own host — a CDN or static file server — completely separate from the
API's host. VITE_API_BASE_URL must be set explicitly to the API's full absolute URL.
.env.production (independent deployment)VITE_API_BASE_URL=https://api.some-domain.com
VITE_TENANT_ID=1
VITE_GOOGLE_CLIENT_ID=<production-client-id>
The API at https://api.some-domain.com must have CORS configured to allow the frontend's
origin.
Comparison Table
| Scenario | Frontend origin | API origin | VITE_API_BASE_URL |
CORS needed? |
|---|---|---|---|---|
| (a) Local dev | localhost:6005 |
localhost:10001 (via Vite dev proxy) |
empty | No — proxy hides it |
| (b) Inline production | qa.grippingly.com/flowstudio/ |
qa.grippingly.com |
empty | No — same origin |
| (c) Independent server | e.g. app.example.com |
api.some-domain.com |
https://api.some-domain.com |
Yes — cross origin |