feat: Add Railway service reference support for dynamic CORS configuration

Enable CORS configuration via Railway's dynamic service references to eliminate hardcoded URLs and support automatic URL updates on redeployment.

Key Changes:
- Added admin_panel_url and additional_cors_origins to settings
- Implemented dynamic CORS origin building from environment variables
- Created comprehensive CORS vs Authentication documentation
- Added Railway-specific CORS setup guide with service references

Benefits:
- No hardcoded URLs needed in code
- Lower latency with Railway internal routing
- Automatic updates when services are redeployed
- Clear distinction between browser-only CORS and server-side auth

Server-side team clients (Python, Node.js, curl) are unaffected by CORS restrictions - they work from anywhere with Bearer tokens.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: mrkeithelliott

.env.example

@@ -15,14 +15,18 @@ LITELLM_MASTER_KEY=sk-litellm-your-super-secure-litellm-key-here
 # Railway: http://litellm-proxy.railway.internal:4000
 LITELLM_PROXY_URL=http://localhost:8002
 
+# LiteLLM Database Storage (persist models/teams/keys in database)
+STORE_MODEL_IN_DB=True
+
 # API Keys for LLM Providers
 OPENAI_API_KEY=your-openai-api-key
 ANTHROPIC_API_KEY=your-anthropic-api-key
 
-# Redis Configuration (optional, for caching)
-REDIS_HOST=
+# Redis Configuration (required for LiteLLM caching and rate limiting)
+REDIS_HOST=localhost
 REDIS_PORT=6379
 REDIS_PASSWORD=
+REDIS_URL=redis://localhost:6379
 
 # Server Settings
 HOST=0.0.0.0

docs/admin-dashboard/overview.md

@@ -309,6 +309,14 @@ openssl rand -hex 32
 3. **IP Whitelist** - Limit access to specific IPs
 4. **Rate Limiting** - Prevent brute force attacks
 5. **Audit Logging** - Log all admin actions
+6. **CORS Configuration** - Add production admin panel URL to CORS
+
+!!! tip "CORS Configuration Required"
+    The admin panel is browser-based, so it requires CORS configuration in the SaaS API.
+
+    You must add your production admin panel URL to the `allow_origins` list in `src/saas_api.py`.
+
+    [:octicons-arrow-right-24: Learn how to configure CORS](../deployment/cors-and-authentication.md)
 
 ### Data Protection