27a3e777ae
Some checks failed
CI / Detect changes (push) Has been cancelled
CI / API Lint (push) Has been cancelled
CI / API Tests (push) Has been cancelled
CI / Scanner Lint (push) Has been cancelled
CI / Scanner Tests (push) Has been cancelled
CI / Banner Lint & Typecheck (push) Has been cancelled
CI / Banner Tests (push) Has been cancelled
CI / Banner Build (push) Has been cancelled
CI / Admin UI Typecheck (push) Has been cancelled
CI / Admin UI Tests (push) Has been cancelled
CI / Admin UI Build (push) Has been cancelled
Replace the fragile per-site dynamic CORS middleware with a public banner CORS middleware that allows non-credentialed wildcard CORS only for banner endpoints: - /api/v1/config/sites/* - /api/v1/translations/* - /api/v1/consent/ Admin/auth endpoints remain governed by the normal ALLOWED_ORIGINS based CORSMiddleware. Add regression tests for public GET/preflight behavior and for avoiding wildcard CORS on non-public endpoints.