Fix CORS policy for production deployment

backend/app/main.py

@@ -27,9 +27,16 @@ app = FastAPI(
 )
 
 # CORS middleware
+origins = [
+    "http://localhost:5173",
+    "http://127.0.0.1:5173",
+    "https://sibu2-0-transport-2026.web.app",
+    "https://sibu2-0-transport-2026.firebaseapp.com",
+]
+
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"],  # Configure properly for production
+    allow_origins=origins,
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],