From 8bcb7733044310fa88cabc3e7badb42d59e4a223 Mon Sep 17 00:00:00 2001
From: Bohan Jiang <52446949+Bohan-J@users.noreply.github.com>
Date: Fri, 10 Apr 2026 18:20:30 +0800
Subject: [PATCH] fix(desktop): disable web security for CORS and fix dev
 server port (#648)

- Set webSecurity: false in BrowserWindow to bypass CORS when
  connecting to remote API (standard Electron practice)
- Fix renderer dev server to port 5173 so localStorage persists
  across restarts (prevents losing login state)
---
 apps/desktop/electron.vite.config.ts | 4 ++++
 apps/desktop/src/main/index.ts       | 1 +
 2 files changed, 5 insertions(+)

diff --git a/apps/desktop/electron.vite.config.ts b/apps/desktop/electron.vite.config.ts
index 22d2fed88..2c3d00a88 100644
--- a/apps/desktop/electron.vite.config.ts
+++ b/apps/desktop/electron.vite.config.ts
@@ -11,6 +11,10 @@ export default defineConfig({
     plugins: [externalizeDepsPlugin()],
   },
   renderer: {
+    server: {
+      port: 5173,
+      strictPort: true,
+    },
     plugins: [react(), tailwindcss()],
     resolve: {
       alias: {
diff --git a/apps/desktop/src/main/index.ts b/apps/desktop/src/main/index.ts
index d9d792679..c858bee0b 100644
--- a/apps/desktop/src/main/index.ts
+++ b/apps/desktop/src/main/index.ts
@@ -17,6 +17,7 @@ function createWindow(): void {
     webPreferences: {
       preload: join(__dirname, "../preload/index.js"),
       sandbox: false,
+      webSecurity: false,
     },
   });