diff --git a/.env.public b/.env.public
index b617290b..35595232 100644
--- a/.env.public
+++ b/.env.public
@@ -8,8 +8,6 @@
 # @@@ WARNING: DON'T ADD NEXT_PUBLIC_* VARIABLES IF THEY'RE PRIVATE @@@
 
 # env specific
-NEXTAUTH_SECRET=random-string
-NEXTAUTH_URL=http://localhost:3000
 API_HOST_DEV=
 API_HOST=http://localhost:3001
 
diff --git a/lib/auth/constants.ts b/lib/auth/constants.ts
index 00493a5c..6c4ff121 100644
--- a/lib/auth/constants.ts
+++ b/lib/auth/constants.ts
@@ -11,7 +11,7 @@ const methods = {
   signIn: () => {},
   signOut: async () => {
     try {
-      const response = await fetch(`${process.env.NEXT_PUBLIC_NEXUS_HOST}/api/auth/signout`, {
+      const response = await fetch(`${process.env.NEXT_PUBLIC_NEXUS_HOST}/api/v1/auth/signout`, {
         method: 'POST',
         headers: {
           Accept: 'application/json',
@@ -26,7 +26,13 @@ const methods = {
   },
   getCsrf: async () => {
     try {
-      const response = await fetch(`${process.env.NEXT_PUBLIC_NEXUS_HOST}/api/auth/csrf`, { credentials: 'include' });
+      const response = await fetch(`${process.env.NEXT_PUBLIC_NEXUS_HOST}/api/v1/auth/csrf`, {
+        method: 'GET',
+        headers: {
+          Accept: 'application/json',
+        },
+        credentials: 'include',
+      });
       const csrf = await response.json();
       return csrf.csrfToken;
     } catch (e) {
@@ -35,11 +41,10 @@ const methods = {
   },
   getSession: async (params = { cookies: '' }) => {
     try {
-      const response = await fetch(`${process.env.NEXT_PUBLIC_NEXUS_HOST}/api/auth/session`, {
+      const response = await fetch(`${process.env.NEXT_PUBLIC_NEXUS_HOST}/api/v1/auth/session`, {
         method: 'GET',
         headers: {
           Accept: 'application/json',
-          'Content-Type': 'application/json',
           Cookie: params?.cookies,
         },
         credentials: 'include',
diff --git a/next.config.js b/next.config.js
index aa4efa83..61546c13 100644
--- a/next.config.js
+++ b/next.config.js
@@ -1,7 +1,7 @@
 /** @type {import('next').NextConfig} */
 const { withSentryConfig } = require('@sentry/nextjs');
 const nextConfig = {
-  basePath: process.env.NEXUS_BASE_PATH,
+  assetPrefix: process.env.MAIN_URL || 'https://nyx.dreampip.com',
   transpilePackages: ['next-auth'],
   images: {
     remotePatterns: [
@@ -23,6 +23,11 @@ const nextConfig = {
         destination: '/services/rickmorty/list',
         permanent: false,
       },
+      // {
+      //   source: '/signin',
+      //   destination: '/dash/signin',
+      //   permanent: false,
+      // },
     ];
   },
 };
diff --git a/src/app/components/client/blocks/topnav-view.tsx b/src/app/components/client/blocks/topnav-view.tsx
index 2949e348..bdc8f7d4 100644
--- a/src/app/components/client/blocks/topnav-view.tsx
+++ b/src/app/components/client/blocks/topnav-view.tsx
@@ -36,7 +36,9 @@ export const VTopNav = ({ user }: VTopNavProps) => {
 
   // !make it isomorphic again with cookies
   useEffect(() => {
-    getSession().then((session) => setUser(session?.user));
+    getSession().then((session) => {
+      setUser(session?.user)
+    });
   }, []);
 
   useEffect(() => {
diff --git a/src/app/components/client/elements/signin-view.tsx b/src/app/components/client/elements/signin-view.tsx
index 3b04addf..f776c5eb 100644
--- a/src/app/components/client/elements/signin-view.tsx
+++ b/src/app/components/client/elements/signin-view.tsx
@@ -45,5 +45,5 @@ export const VSignIn = ({ user }: VSignInProps) => {
       </div>
     );
 
-  return <DPButton onClick={() => navigate('/api/auth/signin')}>Sign in</DPButton>;
+  return <DPButton onClick={() => navigate('/api/v1/auth/signin')}>Sign in</DPButton>;
 };
diff --git a/src/app/components/client/elements/signup-view.tsx b/src/app/components/client/elements/signup-view.tsx
index 86cf7b23..9b0d6a18 100644
--- a/src/app/components/client/elements/signup-view.tsx
+++ b/src/app/components/client/elements/signup-view.tsx
@@ -5,7 +5,7 @@ import { useContext, useEffect, useRef, useState } from 'react';
 import { signIn, signOut, getCsrf } from "@auth";
 import { AuthContext } from '@state';
 import { ALogIn, ALogOut } from '@actions';
-import { navigate, setCookie } from '@gateway';
+import { navigate, setCookie, getCookie } from '@gateway';
 import { Button, TextInput, Logo, Typography  } from "@dreampipcom/oneiros";
 
 interface IAuthProvider {
@@ -32,7 +32,7 @@ async function doSignIn() {
 
 
 export const VSignUp = ({ providers, user }: VSignUpProps) => {
-  const [csrf, setCsrf] = useState();
+  const [csrf, setCsrf] = useState("");
   const authContext = useContext(AuthContext);
   const [isUserLoaded, loadUser] = ALogIn({});
   const [, unloadUser] = ALogOut({});
@@ -45,7 +45,7 @@ export const VSignUp = ({ providers, user }: VSignUpProps) => {
   const oauth = _providers.slice(1, providers.length)
   const defaultP = _providers[0]
 
-  const signInUrl = '/api/auth/signin'
+  const signInUrl = '/api/v1/auth/signin'
 
   const callbackUrl = process.env.NEXT_PUBLIC_NEXUS_BASE_PATH || "/"
 
@@ -54,10 +54,11 @@ export const VSignUp = ({ providers, user }: VSignUpProps) => {
   const coercedName = name || user?.name || user?.email || "Young Padawan";
 
   useEffect(() => {
-      getCsrf().then((_csrf) => {
-        setCsrf(_csrf);
-        setCookie({ name: '__Host-authjs.csrf-token', value: _csrf });
-      });
+      if(!csrf) {
+        const cookie = getCookie({ name: 'authjs.csrf-token' }).then((_csrf) => {
+          setCsrf(_csrf?.value || "");
+        });
+     }
   }, [csrf]);
 
   useEffect(() => {
diff --git a/src/app/error/page.tsx b/src/app/dash/error/page.tsx
similarity index 100%
rename from src/app/error/page.tsx
rename to src/app/dash/error/page.tsx
diff --git a/src/app/services/hypnos/[mode]/page.tsx b/src/app/dash/services/hypnos/[mode]/page.tsx
similarity index 100%
rename from src/app/services/hypnos/[mode]/page.tsx
rename to src/app/dash/services/hypnos/[mode]/page.tsx
diff --git a/src/app/services/rickmorty/[mode]/page.tsx b/src/app/dash/services/rickmorty/[mode]/page.tsx
similarity index 100%
rename from src/app/services/rickmorty/[mode]/page.tsx
rename to src/app/dash/services/rickmorty/[mode]/page.tsx
diff --git a/src/app/signin/page.tsx b/src/app/dash/signin/page.tsx
similarity index 100%
rename from src/app/signin/page.tsx
rename to src/app/dash/signin/page.tsx
diff --git a/src/app/verify/page.tsx b/src/app/dash/verify/page.tsx
similarity index 100%
rename from src/app/verify/page.tsx
rename to src/app/dash/verify/page.tsx
diff --git a/src/app/gateway/client/actions.ts b/src/app/gateway/client/actions.ts
index 56ba2cfa..cbe86c2a 100644
--- a/src/app/gateway/client/actions.ts
+++ b/src/app/gateway/client/actions.ts
@@ -9,5 +9,18 @@ export async function navigate(url: string) {
 
 export async function setCookie({ name, value }: { name: string; value: string }) {
   // Set cookie
-  cookies().set(name, value);
+  const cookiesStore = cookies();
+  const currentCookies = cookiesStore.getAll();
+  console.log({ currentCookies });
+  cookiesStore.set(name, value, { secure: true });
+  console.log({ nextCookies: currentCookies });
+}
+
+export async function getCookie({ name }: { name: string }) {
+  // Set cookie
+  // const cookiesStore = cookies()
+  // const currentCookies = cookiesStore.getAll();
+  // console.log({ currentCookies })
+  return cookies().get(name);
+  // console.log({ nextCookies: currentCookies })
 }
diff --git a/src/app/gateway/index.ts b/src/app/gateway/index.ts
index a3a182b7..fa20fcbf 100644
--- a/src/app/gateway/index.ts
+++ b/src/app/gateway/index.ts
@@ -1,7 +1,7 @@
 // index.ts
 
 // client
-export { navigate, setCookie } from './client/actions';
+export { navigate, setCookie, getCookie } from './client/actions';
 
 // server
 export { getUser, loadChars, reloadChars, getChars } from './server/actions';
diff --git a/src/app/layout.tsx b/src/app/layout.tsx
index 47b77ace..e80063ac 100644
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -1,11 +1,8 @@
 import type { Metadata } from 'next';
 import { DPTopNav } from '@blocks/server';
 import { RootProviders } from '@state';
-import { Inter } from 'next/font/google';
 import './globals.css';
 
-const inter = Inter({ subsets: ['latin'] });
-
 export const metadata: Metadata = {
   title: process.env.PATTERNS_TITLE,
   description: process.env.PATTERNS_DESCRIPTION,
@@ -14,7 +11,7 @@ export const metadata: Metadata = {
 export default function RootLayout({ children }: { children: React.ReactNode }) {
   return (
     <html lang="en">
-      <body className={inter.className}>
+      <body>
         <RootProviders>
           <DPTopNav />
           {children}
diff --git a/src/middleware.ts b/src/middleware.ts
index 285d043b..7ccf4cc5 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -6,10 +6,24 @@ export const config = {
   matcher: ['/api/:path*'],
 };
 
+const headers: Record<string, any> = {
+  'Access-Control-Allow-Origin': process.env.MAIN_URL || 'https://www.dreampip.com',
+  'Cache-Control': 'maxage=0, s-maxage=300, stale-while-revalidate=300',
+  // DEV-DEBUG:
+  // 'content-type': 'application/json',
+  // 'Access-Control-Allow-Origin': 'http://localhost:2999',
+  'Access-Control-Allow-Credentials': 'true',
+  'Access-Control-Allow-Headers': 'baggage, sentry-trace',
+};
+
 export function middleware(request: NextRequest) {
   const response = NextResponse.next();
   const pkce = request.cookies.get('next-auth.pkce.code_verifier');
 
+  Object.keys(headers).forEach((key: string) => {
+    response.headers.set(key, headers[key]);
+  });
+
   if (pkce?.value) {
     response.cookies.set('next-auth.pkce.code_verifier', pkce.value, {
       httpOnly: true,