Update RELEASE.md with CSRF_SECRET instructions

Added instructions for the required CSRF_SECRET environment variable for CSRF protection in Kubernetes deployments.

VERSION

@@ -1 +1 @@
-0.3.1
+0.3.0

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "backend",
-  "version": "0.3.1",
+  "version": "0.3.0",
   "description": "",
   "main": "index.js",
   "scripts": {

backend/src/index.ts

@@ -129,12 +129,6 @@ const initializeUploadDir = async () => {
 };
 
 const app = express();
-
-// Trust proxy headers (X-Forwarded-For, X-Real-IP) from nginx
-// Required for correct client IP detection when running behind a reverse proxy
-// This fixes CSRF token validation failures in Docker/K8s environments
-app.set("trust proxy", 1);
-
 const httpServer = createServer(app);
 const io = new Server(httpServer, {
   cors: {

frontend/package.json

@@ -1,7 +1,7 @@
 {
   "name": "frontend",
   "private": true,
-  "version": "0.3.1",
+  "version": "0.3.0",
   "type": "module",
   "scripts": {
     "dev": "vite",