You want to add CORS to the private network?

The private network is only accessible internally, there wouldn't be much point doing that cause no one else can access it anyway

Okay, thanks!

Also, cors is absolutely pointless outside of browsers

This is inside a browser 👍 but question answered

how would someone's browser access something via the private network?

By making a POST request through JS. This whole thing was an issue of dev env not matching deployment. Like I said, it’s fixed now

Then I must be misunderstanding something, its a private network, someone's browser can not make a request to a private domain, it would not be a very private network if you could

It was my misunderstanding. I needed to disable CORS in local dev (allow my localhost, really). When I uploaded to railway, the page refused to render, citing mixed HTTP/HTTPS. I fixed that by using a reverse proxy and didn’t stop to think I was no longer doing a request from the browser in the first place 👍

well as long as it works now!