update

backend/app/main.py

@@ -200,14 +200,37 @@ def _unipile_request(method: str, path: str, payload: Optional[dict] = None):
     except Exception:
         data = {"raw": resp.text}
     if resp.status_code >= 400:
-        msg = data.get("message") if isinstance(data, dict) else None
+        msg = None
+        if isinstance(data, dict):
+            msg = (
+                data.get("message")
+                or data.get("detail")
+                or data.get("error")
+                or data.get("errors")
+            )
+            if isinstance(msg, (dict, list)):
+                msg = json.dumps(msg)
         raise HTTPException(
             status_code=resp.status_code,
-            detail=msg or f"UniPile error ({resp.status_code})",
+            detail=msg or f"UniPile error ({resp.status_code}): {resp.text}",
         )
     return data
 
 
+def _public_origin_from_request(request: Request) -> str:
+    """
+    Resolve browser-facing origin behind proxies (HF Spaces, ingress).
+    Falls back to request URL if forwarded headers are absent.
+    """
+    fwd_proto = request.headers.get("x-forwarded-proto")
+    proto = (fwd_proto.split(",")[0].strip().lower() if fwd_proto else request.url.scheme or "https")
+    fwd_host = request.headers.get("x-forwarded-host")
+    host = (fwd_host.split(",")[0].strip() if fwd_host else request.headers.get("host") or request.url.netloc or "")
+    if host:
+        return f"{proto}://{host}".rstrip("/")
+    return str(request.base_url).rstrip("/")
+
+
 def _contact_value(contact: Contact, field: str):
     if field == "first_name":
         return contact.first_name or _pick_from_raw(contact.raw_data, ["first name", "firstname", "first_name"])
@@ -1014,13 +1037,12 @@ async def list_unipile_linkedin_accounts(t: TenantContext = Depends(get_tenant_c
 @app.post("/api/unipile/linkedin/hosted-link")
 async def create_unipile_linkedin_hosted_link(
     body: UnipileHostedLinkRequest,
+    request: Request,
     t: TenantContext = Depends(get_tenant_context),
 ):
-    if not FRONTEND_ORIGIN:
-        raise HTTPException(
-            status_code=400,
-            detail="FRONTEND_ORIGIN is required to use UniPile Hosted Auth redirect flow.",
-        )
+    origin = (FRONTEND_ORIGIN or "").strip().rstrip("/") or _public_origin_from_request(request)
+    if not origin:
+        raise HTTPException(status_code=400, detail="Could not determine frontend origin for hosted auth.")
     token = str(uuid.uuid4())
     expires_at = datetime.utcnow() + timedelta(minutes=20)
     state = UnipileHostedAuthState(
@@ -1039,9 +1061,9 @@ async def create_unipile_linkedin_hosted_link(
         "providers": ["LINKEDIN"],
         "api_url": UNIPILE_API_BASE,
         "expiresOn": expires_at.isoformat() + "Z",
-        "notify_url": f"{FRONTEND_ORIGIN}/api/unipile/linkedin/hosted-callback",
-        "success_redirect_url": f"{FRONTEND_ORIGIN}/?tab=linkedin-connected",
-        "failure_redirect_url": f"{FRONTEND_ORIGIN}/?tab=linkedin-connect-failed",
+        "notify_url": f"{origin}/api/unipile/linkedin/hosted-callback",
+        "success_redirect_url": f"{origin}/?tab=linkedin-connected",
+        "failure_redirect_url": f"{origin}/?tab=linkedin-connect-failed",
         "name": token,
     }
     response = _unipile_request("POST", "/api/v1/hosted/accounts/link", payload)