add

Backend/src/app.ts

@@ -11,10 +11,25 @@ import { RegisterRoutes } from './routes/routes';
 export function createApp(): Application {
     const app = express();
 
-    // Security middleware
-    app.use(helmet());
+    // Security middleware - Disable CSP for Swagger UI
+    app.use(helmet({
+        contentSecurityPolicy: false
+    }));
+
+    // CORS - Allow multiple origins
+    const allowedOrigins = config.cors.origin.split(',').map(o => o.trim());
     app.use(cors({
-        origin: config.cors.origin,
+        origin: (origin, callback) => {
+            // Allow requests with no origin (like mobile apps, Postman, curl)
+            if (!origin) return callback(null, true);
+
+            // Check if origin is allowed
+            if (allowedOrigins.includes('*') || allowedOrigins.includes(origin)) {
+                callback(null, true);
+            } else {
+                callback(new Error('Not allowed by CORS'));
+            }
+        },
         credentials: true
     }));
 

Backend/src/server.ts

@@ -13,9 +13,10 @@ async function startServer() {
         // Create Express app
         const app = createApp();
 
-        // Start server
-        const server = app.listen(config.port, () => {
-            logger.info(`Server running on ${config.appUrl}`);
+        // Start server - Listen on all network interfaces
+        const server = app.listen(config.port, '0.0.0.0', () => {
+            logger.info(`Server running on ${config.appUrl}`)
+            logger.info(`Server also accessible at http://0.0.0.0:${config.port}`);
             logger.info(`Environment: ${config.nodeEnv}`);
             logger.info(`Swagger docs available at ${config.appUrl}/api-docs`);
         });