From b167d94eada4ee4369cec02eb4f0f5284a3bd745 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Sun, 5 Oct 2025 16:50:46 -0700
Subject: [PATCH] update cors to check array

---
 server/middlewares/private/corsWithLoginPage.ts | 7 +++++++
 src/actions/server.ts                           | 1 -
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/middlewares/private/corsWithLoginPage.ts b/server/middlewares/private/corsWithLoginPage.ts
index 03725c50..95867fa1 100644
--- a/server/middlewares/private/corsWithLoginPage.ts
+++ b/server/middlewares/private/corsWithLoginPage.ts
@@ -78,6 +78,13 @@ export function corsWithLoginPageSupport(corsConfig: any) {
                     return callback(null, true);
                 }
 
+                if (
+                    corsConfig?.origins &&
+                    corsConfig.origins.includes(origin)
+                ) {
+                    return callback(null, true);
+                }
+
                 // If origin doesn't match dashboard URL, check if it's a valid loginPage domain
                 const isValidDomain = await isValidLoginPageDomain(originHost);
 
diff --git a/src/actions/server.ts b/src/actions/server.ts
index a6ccff8c..b9dc6e55 100644
--- a/src/actions/server.ts
+++ b/src/actions/server.ts
@@ -62,7 +62,6 @@ function parseSetCookieString(
             : new URL(env.app.dashboardUrl).hostname;
         if (d) {
             options.domain = d;
-            console.log("Setting cookie domain to:", d);
         }
     }