Allow all origins by default, restrict only when ALLOWED_ORIGINS is set

Same-origin requests don't need CORS restrictions. Users can optionally set ALLOWED_ORIGINS to lock it down.
2026-03-19 00:13:23 +01:00
parent c6a9b54662
commit 8601370a47
2 changed files with 8 additions and 6 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,7 @@ services:
    environment:
      - NODE_ENV=production
      - JWT_SECRET=${JWT_SECRET:-change-me-to-a-long-random-string}
-      - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-http://localhost:3000}
+      # - ALLOWED_ORIGINS=https://yourdomain.com  # Optional: restrict CORS to specific origins
      - PORT=3000
    volumes:
      - ./data:/app/data