From 47c6500679b897370c268d436ed851a5dee81f8c Mon Sep 17 00:00:00 2001
From: Martin Porwoll <martin.porwoll@complexcaresolutions.de>
Date: Wed, 25 Feb 2026 12:32:51 +0000
Subject: [PATCH] fix: add cms.c2sgmbh.de to CORS/CSRF and save isSuperAdmin to
 JWT

- Add pl.c2sgmbh.de and cms.c2sgmbh.de to cors and csrf arrays
  to fix Forbidden error on PATCH requests from these domains
- Add saveToJWT: true to isSuperAdmin field so multiTenantPlugin
  correctly grants super admins access to all tenants

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/collections/Users.ts | 1 +
 src/payload.config.ts    | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/src/collections/Users.ts b/src/collections/Users.ts
index ee403cc..0a79164 100644
--- a/src/collections/Users.ts
+++ b/src/collections/Users.ts
@@ -58,6 +58,7 @@ export const Users: CollectionConfig = {
       type: 'checkbox',
       label: 'Super Admin',
       defaultValue: false,
+      saveToJWT: true,
       access: {
         read: superAdminFieldAccess,
         create: superAdminFieldAccess,
diff --git a/src/payload.config.ts b/src/payload.config.ts
index be93b0f..cf2d1af 100644
--- a/src/payload.config.ts
+++ b/src/payload.config.ts
@@ -193,6 +193,8 @@ export default buildConfig({
     'https://porwoll.de',
     'https://www.porwoll.de',
     'https://pl.porwoll.tech',
+    'https://pl.c2sgmbh.de',
+    'https://cms.c2sgmbh.de',
   ],
   // CSRF Protection
   csrf: [
@@ -205,6 +207,8 @@ export default buildConfig({
     'https://porwoll.de',
     'https://www.porwoll.de',
     'https://pl.porwoll.tech',
+    'https://pl.c2sgmbh.de',
+    'https://cms.c2sgmbh.de',
   ],
   collections: [
     Users,