chore: add security info, update default relayer cors config

SECURITY.md

@@ -0,0 +1,29 @@
+# Security Policy
+
+**Organization**: [0xbow](<https://0xbow.io/>)
+
+## Reporting a Vulnerability
+If you discover a security vulnerability, please **do not** open a public issue. Instead, report it by emailing our security team at [security@0xbow.io](<mailto:security@0xbow.io>).
+
+Please provide as much detail as possible, including:
+- Steps to reproduce the vulnerability
+- Any relevant code, logs, or screenshots
+- A description of the potential impact
+
+We take all security vulnerabilities seriously. Once we receive your report, we will:
+1. **Acknowledge** receipt as soon as possible.
+2. **Investigate** the issue and determine the impact.
+3. **Prepare a fix**, if necessary, and plan for disclosure.
+4. **Offer a bounty**, in case it applies.
+
+## Disclosure Policy
+We aim to publicly disclose vulnerabilities only after we have:
+1. Confirmed the vulnerability and developed patches or mitigations.
+2. Coordinated with the person or team who reported the vulnerability.
+3. Deployed solutions or made a fix available.
+
+We are grateful for the community’s contributions to maintaining the security of our projects and appreciate responsible disclosure of vulnerabilities.
+
+## Contact
+For general questions or comments about security, feel free to email [security@0xbow.io](<mailto:security@0xbow.io>).
+

packages/relayer/config.example.json

@@ -12,9 +12,13 @@
     "withdraw_amounts": {
         "0xCf7Ed3AccA5a467e9e704C703E8D87F634fB0Fc9": 100,
     },
-    "cors_allow_all": false,
+    "cors_allow_all": true,
     "allowed_domains": [
-        "http://your-domain.com",
-        "http://another-domain.com"
-    ]
+      "https://testnet.privacypools.com",
+      "https://privacypools.com",
+      "https://prod-privacy-pool-ui.vercel.app",
+      "https://staging-privacy-pool-ui.vercel.app",
+      "https://dev-privacy-pool-ui.vercel.app",
+      "http://localhost:3000"
+     ]
 }