Allow private-network CORS origins in development

2026-03-01 17:08:50 -03:00
parent 0242e061c2
commit 1b2e0cb8af
7 changed files with 31 additions and 1 deletions
--- a/.env.example
+++ b/.env.example
@@ -36,6 +36,7 @@ PROVIDER_BASE_URL_ALLOWLIST=[]
 PUBLIC_BASE_URL=http://localhost:8000
 CORS_ORIGINS=["http://localhost:5173","http://localhost:3000"]
 CORS_ALLOW_CREDENTIALS=false
+CORS_ALLOW_DEVELOPMENT_PRIVATE_NETWORK_ORIGINS=true
 VITE_API_BASE=

 # Production baseline overrides (set explicitly for live deployments):
@@ -50,4 +51,5 @@ VITE_API_BASE=
 # PUBLIC_BASE_URL=https://api.example.com
 # CORS_ORIGINS=["https://app.example.com"]
 # CORS_ALLOW_CREDENTIALS=false
+# CORS_ALLOW_DEVELOPMENT_PRIVATE_NETWORK_ORIGINS=false
 # VITE_API_BASE=https://api.example.com/api/v1