Update Docker Compose and backend settings; enhance Vite configuration for reverse proxy and improve API error handling. Removed VITE_ALLOWED_HOSTS from Docker Compose, clarified allowed hosts in settings.py, and added handling for 403 Forbidden responses in api.ts to clear invalid tokens.

frontend/src/services/api.ts

@@ -140,6 +140,24 @@ export async function fetchAPI(endpoint: string, options?: RequestInit & { timeo
     // Read response body once (can only be consumed once)
     const text = await response.text();
 
+    // Handle 403 Forbidden with authentication error - clear invalid tokens
+    if (response.status === 403) {
+      try {
+        const errorData = text ? JSON.parse(text) : null;
+        // Check if it's an authentication credentials error
+        if (errorData?.detail?.includes('Authentication credentials') || 
+            errorData?.message?.includes('Authentication credentials') ||
+            errorData?.error?.includes('Authentication credentials')) {
+          // Token is invalid - clear auth state and force re-login
+          const { logout } = useAuthStore.getState();
+          logout();
+          // Don't throw here - let the error handling below show the error
+        }
+      } catch (e) {
+        // If parsing fails, continue with normal error handling
+      }
+    }
+
     // Handle 401 Unauthorized - try to refresh token
     if (response.status === 401) {
       const refreshToken = getRefreshToken();
@@ -197,8 +215,14 @@ export async function fetchAPI(endpoint: string, options?: RequestInit & { timeo
             }
           }
         } catch (refreshError) {
-          // Refresh failed, continue with original error handling
+          // Refresh failed, clear auth state and force re-login
+          const { logout } = useAuthStore.getState();
+          logout();
         }
+      } else {
+        // No refresh token available, clear auth state
+        const { logout } = useAuthStore.getState();
+        logout();
       }
     }