diff --git a/backend/internal/api/middleware.go b/backend/internal/api/middleware.go
index e0b3791..3c3af8e 100644
--- a/backend/internal/api/middleware.go
+++ b/backend/internal/api/middleware.go
@@ -40,3 +40,20 @@ func AuthMiddleware() gin.HandlerFunc {
 		c.Next()
 	}
 }
+
+// CORSMiddleware handles cross-origin requests from web clients
+func CORSMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
+		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
+
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(204)
+			return
+		}
+
+		c.Next()
+	}
+}
diff --git a/backend/internal/api/router.go b/backend/internal/api/router.go
index 5039e10..d672380 100644
--- a/backend/internal/api/router.go
+++ b/backend/internal/api/router.go
@@ -11,6 +11,9 @@ func SetupRouter() *gin.Engine {
 
 	r := gin.Default()
 
+	// Use CORS middleware to allow web access
+	r.Use(CORSMiddleware())
+
 	// 清除代理信任警告 "[WARNING] You trusted all proxies"
 	r.SetTrustedProxies(nil)
 
diff --git a/frontend/android/app/src/main/AndroidManifest.xml b/frontend/android/app/src/main/AndroidManifest.xml
index 0a3bb1e..f11babd 100644
--- a/frontend/android/app/src/main/AndroidManifest.xml
+++ b/frontend/android/app/src/main/AndroidManifest.xml
@@ -1,8 +1,10 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android">
+    <uses-permission android:name="android.permission.INTERNET" />
     <application
         android:label="Hightube"
         android:name="${applicationName}"
-        android:icon="@mipmap/launcher_icon">
+        android:icon="@mipmap/launcher_icon"
+        android:usesCleartextTraffic="true">
         <activity
             android:name=".MainActivity"
             android:exported="true"
diff --git a/frontend/lib/providers/settings_provider.dart b/frontend/lib/providers/settings_provider.dart
index 7ad4cd5..0f640c9 100644
--- a/frontend/lib/providers/settings_provider.dart
+++ b/frontend/lib/providers/settings_provider.dart
@@ -1,9 +1,14 @@
 import 'package:flutter/material.dart';
 import 'package:shared_preferences/shared_preferences.dart';
+import 'package:flutter/foundation.dart';
+
 class SettingsProvider with ChangeNotifier {
-  // Default server address for local development.
-  // Using 10.0.2.2 for Android emulator or localhost for Desktop.
-  String _baseUrl = "http://localhost:8080";
+  // Use 10.0.2.2 for Android emulator to access host's localhost
+  static String get _defaultUrl => (defaultTargetPlatform == TargetPlatform.android && !kIsWeb) 
+      ? "http://10.0.2.2:8080" 
+      : "http://localhost:8080";
+
+  String _baseUrl = _defaultUrl;
   Color _themeColor = Colors.blue;
 
   String get baseUrl => _baseUrl;