Disable helmet security headers and use relative API URLs to fix HTTP access

2025-09-13 15:36:27 -04:00
parent 0232b854c9
commit eb81bdc9e6
2 changed files with 7 additions and 2 deletions
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -8,7 +8,12 @@ const app = express();
 const PORT = process.env.PORT || 3000;

 // Middleware
-app.use(helmet());
+app.use(helmet({
+  contentSecurityPolicy: false,
+  crossOriginOpenerPolicy: false,
+  crossOriginEmbedderPolicy: false,
+  originAgentCluster: false
+}));
 app.use(cors());
 app.use(express.json());

--- a/frontend/src/services/api.ts
+++ b/frontend/src/services/api.ts
@@ -1,6 +1,6 @@
 import axios from 'axios';

-const API_BASE_URL = process.env.REACT_APP_API_URL || 'http://localhost:3000';
+const API_BASE_URL = process.env.REACT_APP_API_URL || '';

 const api = axios.create({
  baseURL: API_BASE_URL,