Add cors stuff

docs/AUTHENTIK_SETUP.md

@@ -363,24 +363,33 @@ Create a service account that can obtain tokens programmatically for automated t
 
 ## Environment Variables
 
-Ensure your `.env` file has the correct OIDC configuration:
+### Development (localhost only)
+
+For local development on a single machine:
 
 ```bash
-OIDC_ISSUER=http://localhost:9000/application/o/kaboot/
-OIDC_JWKS_URI=http://localhost:9000/application/o/kaboot/jwks/
+KABOOT_HOST=localhost
 ```
 
-For the frontend OIDC config (`src/config/oidc.ts`):
+### Development (network/mobile access)
 
-```typescript
-export const oidcConfig = {
-  authority: 'http://localhost:9000/application/o/kaboot/',
-  client_id: 'kaboot-spa',
-  redirect_uri: `${window.location.origin}/callback`,
-  // ... rest of config
-};
+To access from other devices (phones, tablets), set `KABOOT_HOST` to your machine's IP:
+
+```bash
+KABOOT_HOST=192.168.1.100
 ```
 
+The setup script (`./scripts/setup.sh`) auto-detects your IP and configures:
+- `.env` - Backend CORS and docker-compose variables
+- `.env.local` - Frontend Vite environment variables
+
+**Important**: You must also update redirect URIs in Authentik to include:
+- `http://<your-ip>:5173/callback`
+- `http://<your-ip>:5173/silent-renew.html`
+- `http://<your-ip>:5173`
+
+Then run the dev server with `npm run dev -- --host` to bind to all interfaces.
+
 ## Troubleshooting
 
 ### "Invalid redirect URI" error
@@ -401,12 +410,4 @@ export const oidcConfig = {
 
 ## Production Notes
 
-For production deployment:
-
-1. Use HTTPS everywhere
-2. Update all URLs from `localhost` to your domain
-3. Update redirect URIs in Authentik
-4. Update frontend OIDC config with production URLs
-5. Update `.env` with production OIDC endpoints
-6. Consider enabling Authentik error reporting
-7. Configure email settings in Authentik for password recovery
+For production deployment, see [PRODUCTION.md](./PRODUCTION.md) for full instructions.