fix: add Vercel URL to CORS allowed origins

[Codewithaiyan]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
vibe-guard	Ready	Preview, Comment	May 27, 2026 6:30pm

[github-actions]

🛡️ VibeGuard Security Scan Results

File	Trust Score	Risk Level
backend/main.py	70/100	MEDIUM

Vulnerabilities Found

backend/main.py

• Hardcoded Secrets (Line 10)
  Description: The code uses environment variables to load configuration, but if the .env file is exposed or contains hardcoded secrets, it can lead to security issues.
  Fix suggestion: Ensure that the .env file is not included in version control and use secret management solutions for sensitive data.
• Missing Input Validation (Line 26)
  Description: The '/scan' endpoint does not validate the content of the 'code' field, which could lead to code injection or other attacks.
  Fix suggestion: Implement input validation and sanitization for the 'code', 'language', and 'filename' fields.
• CORS Configuration (Line 17)
  Description: The CORS configuration allows all methods and headers, which may expose the API to CSRF attacks.
  Fix suggestion: Restrict allowed methods and headers to only those that are necessary for the application.

---

Powered by VibeGuard 🛡️