From a01e102a08d87e9ced2b6a07dae496de8f3de8f2 Mon Sep 17 00:00:00 2001 From: riyadhafraa <49757212-riyadhafraa@users.noreply.replit.com> Date: Fri, 15 May 2026 10:35:01 +0000 Subject: [PATCH] Update documentation to clarify CORS error impact on user login Update README.md with more specific language regarding CORS errors caused by incorrect ALLOWED_ORIGINS configuration, affecting the user login experience. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 77cfe984-2c65-4152-bb7a-0df28274fe66 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 201c4794-de42-4660-9fb4-83343d5bda24 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/c3c252e4-c83d-40ca-9fff-99a3ea60701e/77cfe984-2c65-4152-bb7a-0df28274fe66/FvHcc7z Replit-Helium-Checkpoint-Created: true --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b0b4f747..ba4ea686 100644 --- a/README.md +++ b/README.md @@ -122,8 +122,8 @@ If you front Tx OS with a TLS-terminating proxy that you don't control (Tailscale `serve`, ngrok, Cloudflare Tunnel, …), two things matter: 1. **Add the public URL to `ALLOWED_ORIGINS` in `.env`.** If you skip - this, every authenticated request fails CORS and login appears to - succeed but the next request 500s. + this, the browser blocks every API call from the SPA with a CORS + error and the app appears frozen on the login screen. ```bash ALLOWED_ORIGINS=http://localhost:3000,https://it-demo.tail70b2bc.ts.net