Add docs for FRONTEND_URL env var

.gitignore

@@ -1,3 +1,2 @@
 /graphics
 .DS_Store
-/browser-extension/*.zip

README.md

@@ -13,6 +13,10 @@ If you find any bugs or have a feature request, please create an issue by <a hre
 
 If you speak a language other than English and you want to help translate Crab Fit, fill out this form: https://forms.gle/azz1yGqhpLUka45S9
 
+### Pull requests
+
+If you see an issue you want to fix, or want to implement a feature you think would be useful, please feel free to open a pull request with your changes. If you can, please open an issue about the bug or feature you want to work on before starting your PR, to prevent work duplication and give others a chance to improve your idea.
+
 ## Setup
 
 1. Clone the repo and ensure you have `node`, `yarn` and `rust` installed on your machine.

api/README.md

@@ -25,6 +25,12 @@ Some adaptors require environment variables to be set. You can specify them in a
 
 See [adding an adaptor](adaptors/README.md#adding-an-adaptor) in the adaptors readme.
 
-## Cleanup task
+## Environment
+
+### CORS
+
+In release mode, a `FRONTEND_URL` environment variable is required to correctly restrict cross-origin requests to the frontend.
+
+### Cleanup task
 
 By default, anyone can run the cleanup task at `/tasks/cleanup`. This is usually not an issue, as it's based on when the events were last visited, and not when it's run, but if you'd prefer to restrict runs of the cleanup task (as it can be intensive), set a `CRON_KEY` environment variable in `.env`. This will require sending an `X-Cron-Key` header to the route with a value that matches `CRON_KEY`, or the route will return a 401 Unauthorized error.

browser-extension/.gitignore

@@ -0,0 +1 @@
+*.zip