From eb81bdc9e6315f41bb74cbcf16e291f5620216fc Mon Sep 17 00:00:00 2001
From: Ryderjj89 <raiden89@live.com>
Date: Sat, 13 Sep 2025 15:36:27 -0400
Subject: [PATCH] Disable helmet security headers and use relative API URLs to
 fix HTTP access

---
 backend/src/index.js         | 7 ++++++-
 frontend/src/services/api.ts | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/backend/src/index.js b/backend/src/index.js
index f583e743..144e399b 100644
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -8,7 +8,12 @@ const app = express();
 const PORT = process.env.PORT || 3000;
 
 // Middleware
-app.use(helmet());
+app.use(helmet({
+  contentSecurityPolicy: false,
+  crossOriginOpenerPolicy: false,
+  crossOriginEmbedderPolicy: false,
+  originAgentCluster: false
+}));
 app.use(cors());
 app.use(express.json());
 
diff --git a/frontend/src/services/api.ts b/frontend/src/services/api.ts
index d7c1a1ae..f66405a2 100644
--- a/frontend/src/services/api.ts
+++ b/frontend/src/services/api.ts
@@ -1,6 +1,6 @@
 import axios from 'axios';
 
-const API_BASE_URL = process.env.REACT_APP_API_URL || 'http://localhost:3000';
+const API_BASE_URL = process.env.REACT_APP_API_URL || '';
 
 const api = axios.create({
   baseURL: API_BASE_URL,