Updated allowed origins

Author: macayu17

backend/src/server.js

@@ -37,11 +37,15 @@ const limiter = rateLimit({
 app.use(helmet());
 app.use(cors({
   origin: (origin, callback) => {
+    // Log the origin for debugging
+    console.log('Incoming origin:', origin);
+
     const allowedOrigins = [
       process.env.FRONTEND_URL,
       'https://occasio.ayushh.in',
       'https://www.occasio.ayushh.in'
     ].filter(Boolean);
+    
     // Allow requests with no origin (like mobile apps or curl requests)
     if (!origin) return callback(null, true);
 
@@ -54,6 +58,11 @@ app.use(cors({
       return callback(null, true);
     }
 
+    // Explicitly allow the domain if it matches (incase of string mismatches)
+    if (origin.includes('occasio.ayushh.in')) {
+      return callback(null, true);
+    }
+
     // For now, in development we might want to be permissive if it's not matching above
     if (process.env.NODE_ENV !== 'production') {
       return callback(null, true);