Feat(Security):

a. Update CORS settings
 b. Update session cookie settings
 c. Remove comments that expose project architecture (and that Claude made most of it :P)

static/js/app.js

@@ -1,8 +1,6 @@
 
-// Main entry point for the application
 'use strict';
 
-// import API from './api.js';
 import DOM from './dom.js';
 import Router from './router.js';
 
@@ -19,34 +17,24 @@ class App {
     }
 
     setupEventListeners() {
-        // Global event listeners
         // document.addEventListener('click', this.handleGlobalClick.bind(this));
-        // Add more global event listeners as needed
     }
 
     handleGlobalClick(event) {
-        // Handle global click events
     }
 
     start() {
-        // Additional startup logic
         this.initPageCurrent();
     }
 
     initPageCurrent() {
-        /*
-        _pageCurrent = Router.getPageCurrent();
-        _pageCurrent.initialize();
-        */
         this.router.loadPageCurrent();
     }
     
 }
 
-// Application instance
 const app = new App();
 
-// DOM ready handler
 function domReady(fn) {
     if (document.readyState !== 'loading') {
         fn();
@@ -55,13 +43,10 @@ function domReady(fn) {
     }
 }
 
-// Initialize and start the app when DOM is ready
 domReady(() => {
     app.initialize();
 });
 
-// Expose app to window for debugging (optional)
 window.app = app;
 
-// Export app if using modules
 export default app;