Problem
server.js hardcodes two production-blocking values:
- Listen port 80 — requires root or a
setcap to run, blocking npm start for non-privileged users and most containers.
- CORS origin
http://localhost:4200 — unusable in any real deployment without editing the file.
Scope
- Read the listen port from
process.env.PORT with a sensible default (e.g., 3000).
- Read the CORS origin from
process.env.CORS_ORIGIN, accepting a single origin or a comma-separated list. Document a safe default.
- Add an Environment Variables section to
README.md and ship a .env.example.
Acceptance criteria
Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/1654/
Problem
server.jshardcodes two production-blocking values:setcapto run, blockingnpm startfor non-privileged users and most containers.http://localhost:4200— unusable in any real deployment without editing the file.Scope
process.env.PORTwith a sensible default (e.g.,3000).process.env.CORS_ORIGIN, accepting a single origin or a comma-separated list. Document a safe default.README.mdand ship a.env.example.Acceptance criteria
PORT=3000 npm startworks for a non-root user.CORS_ORIGIN=https://example.com node server.jsenforces that origin only..env.exampleis committed with placeholder values.Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/1654/