Fix: Recorte de URL Front Para Notificaciones.

Backend/MotoresArgentinosV2.API/Program.cs

@@ -28,7 +28,7 @@ builder.Logging.AddConsole();
 builder.Logging.AddDebug();
 
 // 🔒 CORS POLICY
-var frontendUrls = (builder.Configuration["AppSettings:FrontendUrl"] ?? "http://localhost:5173").Split(',');
+var frontendUrls = (builder.Configuration["AppSettings:FrontendUrl"] ?? "http://localhost:5173" ?? "https://clasificados.eldia.com").Split(',');
 builder.Services.AddCors(options =>
 {
     options.AddPolicy("AllowSpecificOrigin",
@@ -176,7 +176,7 @@ app.Use(async (context, next) =>
                  "connect-src 'self' https: ws: wss:; " +
                  "object-src 'none'; " +
                  "base-uri 'self'; " +
-                 "form-action 'self' https://developers-ventasonline.payway.com.ar; " +
+                 "form-action 'self'; " +
                  "frame-ancestors 'none';";
     context.Response.Headers.Append("Content-Security-Policy", csp);
     context.Response.Headers.Remove("Server");
@@ -199,6 +199,23 @@ app.UseHttpsRedirection();
 app.UseStaticFiles();
 
 // 🔒 APLICAR CORS & RATE LIMIT
+app.Use(async (context, next) =>
+{
+    // Para las peticiones de imágenes, agregamos el header PNA
+    if (context.Request.Path.StartsWithSegments("/uploads"))
+    {
+        context.Response.Headers.Append("Access-Control-Allow-Private-Network", "true");
+    }
+
+    // Permitir que la petición OPTIONS pase sin más checks
+    if (context.Request.Method == "OPTIONS")
+    {
+        context.Response.StatusCode = 204; // No Content
+        return;
+    }
+
+    await next();
+});
 app.UseCors("AllowSpecificOrigin");
 app.UseRateLimiter();