removed dead code

backend/server.js

@@ -138,13 +138,6 @@ app.use(
 // Apply input sanitization to all API routes (XSS prevention)
 app.use("/api/", sanitizeInput);
 
-// Serve static files from uploads directory with CORS headers
-app.use(
-  "/uploads",
-  helmet.crossOriginResourcePolicy({ policy: "cross-origin" }),
-  express.static(path.join(__dirname, "uploads"))
-);
-
 // Health check endpoints (no auth, no rate limiting)
 app.use("/health", healthRoutes);