From 027d216fcbc4d6ba37b314d0a38702db871e92e2 Mon Sep 17 00:00:00 2001
From: saani
Date: Fri, 28 Nov 2025 10:50:43 +0000
Subject: [PATCH] security: remove localhost origins from CORS allowed list

Remove local development URLs (localhost:3000 and 127.0.0.1:3000) from CORS_ALLOWED_ORIGINS configuration. This restricts CORS to only allow requests from the production domain (attunehearttherapy.com), improving security by preventing unauthorized cross-origin requests from development environments.
---
 booking_system/settings.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/booking_system/settings.py b/booking_system/settings.py
index 53934f2..c4a466d 100644
--- a/booking_system/settings.py
+++ b/booking_system/settings.py
@@ -16,8 +16,6 @@ ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',')
 # CORS Configuration
 CORS_ALLOWED_ORIGINS = [
- 'http://localhost:3000',
- 'http://127.0.0.1:3000',
 'https://attunehearttherapy.com'
 ]
-- 
2.39.5