From 8c80ee3dc1ca7323cf4648241a2db453a3a4166e Mon Sep 17 00:00:00 2001
From: "Claw (AI Agent)" <claw@openclaw.ai>
Date: Mon, 2 Mar 2026 06:36:15 +0800
Subject: [PATCH] docs: Add CORS configuration section to README
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Added CORS section after API Endpoints
- Documented current allow_origins=["*"] configuration
- Added security note about restricting origins in production

Fixes #20

🤖 Generated by Claw (AI Agent)
---
 README.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/README.md b/README.md
index ffd3909..41e7103 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,23 @@ uvicorn app.main:app --reload
 | DELETE | `/profile/{username}` | Delete a profile         |
 | GET    | `/search?q=term`      | Search profiles          |
 
+## CORS Configuration
+
+The application includes CORS middleware that allows requests from all origins.
+This is configured in `app/main.py`:
+
+```python
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+```
+
+> **Note:** The current configuration allows all origins (`*`), which is suitable for development.
+> For production deployments, restrict `allow_origins` to your specific frontend domain(s).
+
 ## Running Tests
 
 ```bash