Senior Engineer a10ef7eb70 Harden CORS origin validation in production (FRE-4749) ...

- Add ALLOWED_ORIGINS env var with comma-separated origin list
- Validate origins at startup in production: reject wildcards, empty values,
  and malformed URLs (non-http/https protocol)
- Update both server entry points (server.ts, index.ts) to use getCorsOrigins()
- Development mode retains existing localhost fallback behavior

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-09 11:48:33 -04:00

..

__tests__

Fix SMS classifier test mock: add defaultScores and metadataLimits exports (FRE-4509)

2026-05-02 20:23:29 -04:00

config

Harden CORS origin validation in production (FRE-4749)

2026-05-09 11:48:33 -04:00

middleware

FRE-4533: Merge apps/{api,web,mobile} and shared-db into ShieldAI repo

2026-05-02 10:19:11 -04:00

routes

FRE-4474 Phase 5: Verify and resolve security review findings for SpamShield and Cross-Service Correlation

2026-05-02 18:36:29 -04:00

services

Consolidate @shieldai/db and @shieldsai/shared-db packages (FRE-4603)

2026-05-02 15:06:02 -04:00

index.ts

Harden CORS origin validation in production (FRE-4749)

2026-05-09 11:48:33 -04:00

server.ts

Harden CORS origin validation in production (FRE-4749)

2026-05-09 11:48:33 -04:00