Remove CORS headers to enable universal image support and fix local API server settings.
## Changes
**Remove CORS Headers**
- Remove Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers
- Enables images from any domain (Facebook, Medium, arbitrary websites)
- Database falls back to IndexedDB mode (minimal performance impact)
**Fix Local Development Configuration**
- Set LOCAL_ENDORSER_API_SERVER to http://127.0.0.1:3000 (was "/api")
- Create .env.development with local API server config
- Fix ensureCorrectApiServer() method in HomeView.vue
- "Use Local" button now sets proper localhost address
**Fix Settings Cache Issues**
- Add PlatformServiceMixin to AccountViewView.vue
- Disable settings caching to prevent stale data
- Settings changes now apply immediately without browser refresh
## Impact
**Tradeoffs:**
- Lost: ~2x SharedArrayBuffer database performance
- Gained: Universal image support from any domain
- Result: Better user experience, database still fast via IndexedDB
**Files Modified:**
- Configuration: vite.config.*.mts, index.html, .env.development
- Source: constants/app.ts, libs/util.ts, views/*.vue, utils/PlatformServiceMixin.ts
## Rationale
For a community platform, universal image support is more critical than marginal
database performance gains. Users share images from arbitrary websites, making
CORS restrictions incompatible with Time Safari's core mission.
- Fix TypeScript compilation errors in platform services
- Add missing rotateCamera method and isNativeApp property
- Fix index.html path resolution for packaged Electron apps
- Create separate Vite config for Electron renderer process
- Migrate from nostr-tools to @nostr/tools via JSR for ESM compatibility
- Update all Vite configs to handle mixed npm/JSR package management
- Add comprehensive documentation in BUILDING.md
- Fix preload script path resolution in packaged builds
Resolves build failures with deep imports and missing UI in AppImage.
Matthew Raymer
Trent Larson
Matthew Raymer