diff --git a/.env.prod.example b/.env.prod.example
index 2f39151..490e7b0 100644
--- a/.env.prod.example
+++ b/.env.prod.example
@@ -67,5 +67,6 @@ ECONOMIC_AGREEMENT_GRANT_TOKEN=your_production_grant_here
 
 # 🚨 SAFETY SWITCHES
 # Start ALTID med begge sat til true i ny production deployment!
-ECONOMIC_READ_ONLY=true   # Set to false after thorough testing
-ECONOMIC_DRY_RUN=true     # Set to false when ready for live writes
+# VIGTIGT: Brug kun 'true' eller 'false' uden kommentarer på samme linje
+ECONOMIC_READ_ONLY=true
+ECONOMIC_DRY_RUN=true
diff --git a/app/core/config.py b/app/core/config.py
index 905e26d..724f976 100644
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -17,10 +17,12 @@ class Settings(BaseSettings):
     # API
     API_HOST: str = "0.0.0.0"
     API_PORT: int = 8000
+    API_RELOAD: bool = False
     
     # Security
     SECRET_KEY: str = "dev-secret-key-change-in-production"
     ALLOWED_ORIGINS: List[str] = ["http://localhost:8000", "http://localhost:3000"]
+    CORS_ORIGINS: str = "http://localhost:8000,http://localhost:3000"
     
     # Logging
     LOG_LEVEL: str = "INFO"
@@ -65,6 +67,16 @@ class Settings(BaseSettings):
     SIMPLYCRM_USERNAME: str = ""
     SIMPLYCRM_API_KEY: str = ""
     
+    # Deployment Configuration (used by Docker/Podman)
+    POSTGRES_USER: str = "bmc_hub"
+    POSTGRES_PASSWORD: str = "bmc_hub"
+    POSTGRES_DB: str = "bmc_hub"
+    POSTGRES_PORT: int = 5432
+    RELEASE_VERSION: str = "latest"
+    GITEA_URL: str = "https://g.bmcnetworks.dk"
+    GITHUB_TOKEN: str = ""
+    GITHUB_REPO: str = "ct/bmc_hub"
+    
     class Config:
         env_file = ".env"
         case_sensitive = True
diff --git a/main.py b/main.py
index 8661e2f..e5f4ad4 100644
--- a/main.py
+++ b/main.py
@@ -79,10 +79,11 @@ app = FastAPI(
     openapi_url="/api/openapi.json"
 )
 
-# CORS middleware
+# CORS middleware - use CORS_ORIGINS if set, otherwise fallback to ALLOWED_ORIGINS
+cors_origins = settings.CORS_ORIGINS.split(",") if settings.CORS_ORIGINS else settings.ALLOWED_ORIGINS
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=settings.ALLOWED_ORIGINS,
+    allow_origins=cors_origins,
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],