diff --git a/README.md b/README.md index 51ef451..e487b3c 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,10 @@ pnpm dev This starts a local server. You can navigate to http://127.0.0.1:5173/ to view the web application. +NOTE: As a workaround for deployment to [GitPod](https://gitpod.io/), in which the domain of each application +container is assigned dynamically, this application [disables the CSRF origin check](https://github.com/temporalio/reference-app-orders-web/blob/5a1044ddae5a5f110263b9c464f576384d533036/svelte.config.js#L10-L12). [Pull request #6](https://github.com/temporalio/reference-app-orders-web/pull/6) describes this in more detail, and we recommend reinstating this origin check for improved security in a +real-world deployment. + ## Building the Web Application diff --git a/svelte.config.js b/svelte.config.js index f94eeef..21376d3 100644 --- a/svelte.config.js +++ b/svelte.config.js @@ -6,7 +6,10 @@ const config = { preprocess: vitePreprocess(), kit: { - adapter: adapter() + adapter: adapter(), + csrf: { + checkOrigin: false, + } } };
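Review bot: In the README.md hunk, the added NOTE recommends "reinstating this origin check" but never says how, and a reader has to follow the permalink to find out. State the step in the note itself: remove the `csrf: { checkOrigin: false }` block from `svelte.config.js`, or set `checkOrigin: true`. The note also sits under the local `pnpm dev` instructions while the advice concerns real-world deployments, so it would be easier to find under a short heading of its own or next to the build and deployment section. The second added line is much longer than its neighbours and could be wrapped to match the rest of the file.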
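Review bot: In the svelte.config.js hunk, `checkOrigin: false` is set unconditionally, so every build of this app ships without the CSRF origin check, not only the GitPod deployments that the README gives as the reason. Consider making the default safe and turning the check off only when an environment variable set in the GitPod workspace is present, so that anyone copying this reference config keeps the protection unless they opt out. The config itself also carries no comment explaining the setting; a one-line comment above `csrf:` that names the GitPod workaround and points at the README note would stop the override from being carried forward unnoticed.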