From 9071a12279d14d3ff907ff7402b78ff7c8ab5d05 Mon Sep 17 00:00:00 2001
From: Andrei <andrei@cloudz.ro>
Date: Fri, 3 Oct 2025 07:18:11 +0000
Subject: [PATCH] fix: Add production domains to CORS whitelist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added production domains to CORS configuration:
- https://maternal.noru1.ro (production frontend)
- https://maternal-api.noru1.ro (production API/GraphQL playground)

This ensures the frontend can communicate with the backend API in production.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 maternal-app/maternal-app-backend/src/main.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/maternal-app/maternal-app-backend/src/main.ts b/maternal-app/maternal-app-backend/src/main.ts
index 49b6389..4477257 100644
--- a/maternal-app/maternal-app-backend/src/main.ts
+++ b/maternal-app/maternal-app-backend/src/main.ts
@@ -42,9 +42,11 @@ async function bootstrap() {
 
   // Strict CORS configuration
   const allowedOrigins = process.env.CORS_ORIGIN?.split(',').map((o) => o.trim()) || [
-    'http://localhost:19000', // Expo dev
-    'http://localhost:3001',  // Next.js dev (legacy)
-    'http://localhost:3030',  // Next.js dev (current)
+    'http://localhost:19000',        // Expo dev
+    'http://localhost:3001',         // Next.js dev (legacy)
+    'http://localhost:3030',         // Next.js dev (current)
+    'https://maternal.noru1.ro',     // Production frontend
+    'https://maternal-api.noru1.ro', // Production API (for GraphQL playground)
   ];
 
   app.enableCors({