From f060d93a664dddd3b8e90dd73cdb058b0eb4b4df Mon Sep 17 00:00:00 2001 From: Riyadh Date: Fri, 15 May 2026 10:35:01 +0000 Subject: [PATCH] Update documentation to clarify CORS error impact on user login Update README.md with more specific language regarding CORS errors caused by incorrect ALLOWED_ORIGINS configuration, affecting the user login experience. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b0b4f747..ba4ea686 100644 --- a/README.md +++ b/README.md @@ -122,8 +122,8 @@ If you front Tx OS with a TLS-terminating proxy that you don't control (Tailscale `serve`, ngrok, Cloudflare Tunnel, …), two things matter: 1. **Add the public URL to `ALLOWED_ORIGINS` in `.env`.** If you skip - this, every authenticated request fails CORS and login appears to - succeed but the next request 500s. + this, the browser blocks every API call from the SPA with a CORS + error and the app appears frozen on the login screen. ```bash ALLOWED_ORIGINS=http://localhost:3000,https://it-demo.tail70b2bc.ts.net