- Add CORS_ALLOWED_ORIGINS environment variable support in Django settings
- Use environment variable in docker-compose.yml (no hardcoded domains)
- Update .env.example with CORS configuration documentation
- Add comprehensive PWA offline debugging guide
SECURITY: Private domains should be set in local .env file, not in repo
