7973cb321e
Some checks failed
CI / API Lint (push) Has been cancelled
CI / Detect changes (push) Has been cancelled
CI / API Tests (push) Has been cancelled
CI / Scanner Lint (push) Has been cancelled
CI / Scanner Tests (push) Has been cancelled
CI / Banner Lint & Typecheck (push) Has been cancelled
CI / Banner Tests (push) Has been cancelled
CI / Banner Build (push) Has been cancelled
CI / Admin UI Typecheck (push) Has been cancelled
CI / Admin UI Tests (push) Has been cancelled
CI / Admin UI Build (push) Has been cancelled
DynamicCORSMedium middleware resolves the calling site's registered
domains (Site.domain + Site.additional_domains) and returns the
appropriate Access-Control-Allow-Origin header for banner script
requests to public endpoints:
- GET /api/v1/config/sites/{site_id}
- GET /api/v1/translations/{site_id}/{locale}
- POST /api/v1/consent/
Instead of hardcoding ALLOWED_ORIGINS env var, each merchant website
automatically gets CORS access as long as its domain is registered
in the site configuration.