diff --git a/src/components/TopicView.jsx b/src/components/TopicView.jsx
index 3ed9b4f..5228a6c 100644
--- a/src/components/TopicView.jsx
+++ b/src/components/TopicView.jsx
@@ -7,13 +7,13 @@ import { LEGACY_BASE_URL, REST_BASE_URL } from '../data/topics'
 const ADMIN_SECRET = 'nearle-admin-secret'
 
 function toProxyPath(fullUrl) {
-  // In dev, route REST through the Vite proxy (/live → jupiter.nearle.app)
-  // to bypass CORS restrictions on localhost.
-  if (import.meta.env.DEV && fullUrl.startsWith(REST_BASE_URL)) {
+  // REST: always strip to a relative /live/... path so the request goes through
+  // the local server proxy (Vite dev/preview, or nginx in production).
+  // This avoids CORS entirely — the browser never talks to jupiter.nearle.app directly.
+  if (fullUrl.startsWith(REST_BASE_URL)) {
     return fullUrl.slice(REST_BASE_URL.length)
   }
-  // Legacy (api.workolik.com): CORS open, admin secret injected in headers.
-  // REST in production: deployed origin is whitelisted by jupiter.nearle.app.
+  // Legacy (api.workolik.com): CORS is open, admin secret injected in headers.
   return fullUrl
 }
 
diff --git a/vite.config.js b/vite.config.js
index 51182d8..356f83e 100644
--- a/vite.config.js
+++ b/vite.config.js
@@ -11,28 +11,34 @@ export default defineConfig(({ mode }) => {
     console.warn('[xpress-docs] HASURA_ADMIN_SECRET is not set in .env.local; proxied requests will hit the API without auth.')
   }
 
+  const proxyConfig = {
+    '/api': {
+      target: 'https://api.workolik.com',
+      changeOrigin: true,
+      secure: true,
+      configure: (proxy) => {
+        proxy.on('proxyReq', (proxyReq) => {
+          if (secret) proxyReq.setHeader('x-hasura-admin-secret', secret)
+        })
+      }
+    },
+    '/live': {
+      target: 'https://jupiter.nearle.app',
+      changeOrigin: true,
+      secure: true,
+    }
+  }
+
   return {
     plugins: [react()],
     server: {
       port: 5173,
       open: true,
-      proxy: {
-        '/api': {
-          target: 'https://api.workolik.com',
-          changeOrigin: true,
-          secure: true,
-          configure: (proxy) => {
-            proxy.on('proxyReq', (proxyReq) => {
-              if (secret) proxyReq.setHeader('x-hasura-admin-secret', secret)
-            })
-          }
-        },
-        '/live': {
-          target: 'https://jupiter.nearle.app',
-          changeOrigin: true,
-          secure: true,
-        }
-      }
+      proxy: proxyConfig,
+    },
+    preview: {
+      port: 4173,
+      proxy: proxyConfig,
     }
   }
 })