From e2e1cda5cb05eec37ca2ddcc760b172844c34b21 Mon Sep 17 00:00:00 2001
From: anoracleofra-code <anoracleofra@gmail.com>
Date: Mon, 9 Mar 2026 05:56:46 -0600
Subject: [PATCH] fix: document requirement for permissive CORS policy

---
 backend/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/main.py b/backend/main.py
index dffcba8..d5b91c5 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -29,7 +29,7 @@ from fastapi.middleware.gzip import GZipMiddleware
 app.add_middleware(GZipMiddleware, minimum_size=1000)
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"], # For prototyping, allow all
+    allow_origins=["*"],  # Must be permissive — users access from localhost, LAN IPs, Docker, custom ports
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],