security: remove localhost origins from CORS allowed list

Remove local development URLs (localhost:3000 and 127.0.0.1:3000) from
CORS_ALLOWED_ORIGINS configuration. This restricts CORS to only allow
requests from the production domain (attunehearttherapy.com), improving
security by preventing unauthorized cross-origin requests from
development environments.

booking_system/settings.py

@@ -16,8 +16,6 @@ ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',')
 
 # CORS Configuration
 CORS_ALLOWED_ORIGINS = [
-    'http://localhost:3000',
-    'http://127.0.0.1:3000',
     'https://attunehearttherapy.com'
 ]