fix: 프로덕션 쿠키/세션 문제 해결

- trust proxy 설정 (Traefik 뒤에서 동작)
- 쿠키 secure:false (Traefik이 SSL 처리하므로 내부는 HTTP)
- fetch credentials:'same-origin' 명시
- redirect:manual 제거 (opaqueredirect 문제)
- content-type 체크로 비정상 응답 감지

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

views/admin/layout.ejs

@@ -121,14 +121,18 @@ tr:hover td{background:rgba(255,255,255,.02)}
 <div class="toast" id="toast"></div>
 <script>
 function api(method, url, data) {
-  const opts = { method, headers: { 'Content-Type': 'application/json' }, redirect: 'manual' };
+  const opts = { method, headers: { 'Content-Type': 'application/json' }, credentials: 'same-origin' };
   if (data) opts.body = JSON.stringify(data);
   return fetch(url, opts).then(r => {
-    if (r.status === 401 || r.type === 'opaqueredirect' || r.status === 0) {
+    const ct = r.headers.get('content-type') || '';
+    if (r.status === 401) {
       window.location.href = '/login?redirect=' + encodeURIComponent(window.location.pathname);
       return [];
     }
-    if (!r.ok) return r.json().then(j => { throw new Error(j.error || 'API Error'); });
+    if (!ct.includes('application/json')) {
+      console.error('API returned non-JSON:', r.status, ct);
+      return [];
+    }
     return r.json();
   }).catch(err => {
     console.error('API Error:', err);