Fix: Disable helmet cross-origin headers causing blank page on HTTP access via IP (#1026)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: thomasnordquist <7721625+thomasnordquist@users.noreply.github.com>

src/server.ts

@@ -92,6 +92,12 @@ async function startServer() {
             preload: true,
           }
         : false,
+      // Disable cross-origin policies that cause blank pages when accessing via IP vs localhost
+      // These headers can block resources and cause rendering issues on HTTP-only deployments
+      crossOriginEmbedderPolicy: false, // Can block resources without proper CORP headers
+      crossOriginOpenerPolicy: false, // Can cause blank pages and window isolation issues
+      crossOriginResourcePolicy: false, // Can block cross-origin resource loading
+      originAgentCluster: false, // Causes issues when switching between localhost and IP address origins
     })
   )