# Debug Session: cdn-backend-unreachable - Status: OPEN - Started: 2026-06-20 - Symptom: - After enabling Alibaba Cloud CDN for `ticket.fse-media.group`, ticket price calculation fails. - The ticket query page does not display ticket items. - Constraints: - No business logic changes before runtime evidence. - First code change in existing files must be instrumentation only. - Hypotheses: 1. CDN origin/path forwarding for API routes is incorrect. 2. Frontend requests use relative URLs and now point at the CDN/static origin instead of backend. 3. Backend CORS or host validation blocks requests from `ticket.fse-media.group`. 4. HTTPS, certificate, or mixed-content policy blocks API requests. - Next steps: 1. Locate the ticket-order and ticket-query frontend request code. 2. Identify backend API base URL configuration and deployment assumptions. 3. Reproduce with browser/network evidence and add instrumentation only if needed. - Runtime evidence: 1. Live check on `https://ticket.fse-media.group/order` shows `GET /api/public/lines`, `GET /api/public/stations`, and `GET /api/public/config` all return `200`. 2. Live check on `https://ticket.fse-media.group/search` shows `GET /api/public/tickets?q=` and `GET /api/public/popular` succeed, and the ticket list renders 23 rows. 3. Direct fetch on the live site confirms `/api/public/fares/query?from=HC-01&to=HC-02` returns valid fare data. 4. Frontend code uses same-origin relative API paths, so CDN did not break API origin resolution itself. 5. Live responses for `/ticket-order.js`, `/ticket-search.js`, and `/public-status.js` return `Cache-Control: max-age=43200`, while the affected HTML pages reference them without version query parameters. - Hypothesis result: 1. CDN origin/path forwarding for API routes is incorrect: falsified by live `200` responses. 2. Frontend requests use relative URLs and now point at the wrong origin: falsified by successful same-origin API responses. 3. Backend CORS or host validation blocks CDN domain: falsified by successful browser fetches from the production page. 4. HTTPS/certificate/mixed-content issue on API requests: not supported by runtime API evidence. - Root cause direction: 1. The codebase contained many hardcoded `http://ticket.fse-media.group/...` links in public pages and JS. 2. In a CDN + HTTPS deployment, these hardcoded HTTP jumps can split users onto a different protocol path and create intermittent failures or stale-cache behavior. 3. The affected public pages loaded critical JS assets without version parameters, while CDN/browser caching allowed 12-hour reuse of older scripts. 4. The booking page had an independent selection-state bug: after both endpoints were selected, clicking a new station only replaced the destination and never restarted the origin/destination flow, which made fare/path results look "stuck". - Fix applied: 1. Replaced all hardcoded `http://ticket.fse-media.group` links in `web/*.html` and `web/*.js` with `https://ticket.fse-media.group`. 2. This keeps all public navigation, ticket detail, and token detail links on the same HTTPS/CDN path as the working API requests. 3. Added explicit version query parameters to the critical scripts in `ticket-order.html` and `ticket-search.html` so the CDN fetches a fresh asset URL after deployment. 4. Updated `ticket-order.js` so that clicking a new station after a full start/end selection restarts the selection flow and clears stale route highlights. - Pending verification: 1. User to verify ticket price calculation and ticket search list under the CDN domain after redeploy/cache refresh.