From 17d76d628040c22b78e43eaea26965abd0eceb0e Mon Sep 17 00:00:00 2001
From: web3dev1337 <160291380+web3dev1337@users.noreply.github.com>
Date: Tue, 7 Apr 2026 15:56:00 +1000
Subject: [PATCH] fix: allow WSL2 172.x subnet in CORS origin whitelist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

WSL2 uses a 172.x.x.x virtual network — browsers connecting via
the WSL IP were rejected by the CORS policy added in the
public-release security hardening.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 server/index.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/index.js b/server/index.js
index e0ff7c97..4decef5a 100644
--- a/server/index.js
+++ b/server/index.js
@@ -238,7 +238,8 @@ const io = new Server(httpServer, {
         origin.startsWith('http://localhost:') ||
         origin.startsWith('http://127.0.0.1:') ||
         origin.startsWith('http://[::1]:') ||
-        origin.startsWith('http://100.');
+        origin.startsWith('http://100.') ||
+        origin.startsWith('http://172.');
 
       if (allowed) {
         callback(null, true);