From 7d16bdc43612ffab6736805e8f4368c4d4d1eb03 Mon Sep 17 00:00:00 2001
From: cottongin <cottongin@users.noreply.github.com>
Date: Sat, 17 Jan 2026 11:24:23 -0500
Subject: [PATCH] update CORS.md

---
 CORS.md | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/CORS.md b/CORS.md
index 0f2234d..7a39535 100644
--- a/CORS.md
+++ b/CORS.md
@@ -71,4 +71,19 @@ curl -I -X OPTIONS -H "Origin: https://echo-reality.com" \
   "https://feed.falsefinish.club/Echo%20Reality/PINK%20FLIGHT/MP3%20BOUNCE/01.%20PINK%20FLIGHT%20ATTENDANT.mp3"
 ```
 
-The response should include the `Access-Control-Allow-Origin: https://echo-reality.com` header.
\ No newline at end of file
+The response should include the `Access-Control-Allow-Origin: https://echo-reality.com` header.
+
+### Quick test `.htaccess` for DreamHost
+
+```apache
+# TEMPORARY - Allow all origins for testing
+<IfModule mod_headers.c>
+    <FilesMatch "\.(mp3|mp4|wav|ogg|m4a)$">
+        Header set Access-Control-Allow-Origin "*"
+        Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
+        Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
+    </FilesMatch>
+</IfModule>
+```
+
+This limits the wildcard CORS to just media files, which is a reasonable middle ground—your audio files are publicly accessible but you're not opening up everything on the domain.
\ No newline at end of file