chore(release): publish new version

- @standardnotes/api-gateway@1.91.0
 - @standardnotes/files-server@1.38.0
 - @standardnotes/home-server@1.23.0

packages/api-gateway/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.91.0](https://github.com/standardnotes/server/compare/@standardnotes/api-gateway@1.90.3...@standardnotes/api-gateway@1.91.0) (2024-03-20)
+
+### Features
+
+* add CORS_ORIGIN_STRICT_MODE_ENABLED env var to determine if CORS origin should be restricted ([5c02435](https://github.com/standardnotes/server/commit/5c02435ee478b893747d3f9e41062aae12d7ff10))
+
 ## [1.90.3](https://github.com/standardnotes/server/compare/@standardnotes/api-gateway@1.90.2...@standardnotes/api-gateway@1.90.3) (2024-03-18)
 
 ### Bug Fixes

packages/api-gateway/bin/server.ts

@@ -91,6 +91,16 @@ void container.load().then((container) => {
         credentials: true,
         exposedHeaders: ['x-captcha-required'],
         origin: (requestOrigin: string | undefined, callback: (err: Error | null, origin?: string[]) => void) => {
+          const originStrictModeEnabled = env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true)
+            ? env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true) === 'true'
+            : false
+
+          if (!originStrictModeEnabled) {
+            callback(null, [requestOrigin as string])
+
+            return
+          }
+
           const requstOriginIsNotFilled = !requestOrigin || requestOrigin === 'null'
           const requestOriginatesFromTheDesktopApp = requestOrigin?.startsWith('file://')
           const requestOriginatesFromClipperForFirefox = requestOrigin?.startsWith('moz-extension://')

packages/api-gateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/api-gateway",
-  "version": "1.90.3",
+  "version": "1.91.0",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },

packages/files/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.38.0](https://github.com/standardnotes/server/compare/@standardnotes/files-server@1.37.12...@standardnotes/files-server@1.38.0) (2024-03-20)
+
+### Features
+
+* add CORS_ORIGIN_STRICT_MODE_ENABLED env var to determine if CORS origin should be restricted ([5c02435](https://github.com/standardnotes/server/commit/5c02435ee478b893747d3f9e41062aae12d7ff10))
+
 ## [1.37.12](https://github.com/standardnotes/server/compare/@standardnotes/files-server@1.37.11...@standardnotes/files-server@1.37.12) (2024-03-18)
 
 ### Bug Fixes

packages/files/bin/server.ts

@@ -79,6 +79,16 @@ void container.load().then((container) => {
           'Access-Control-Allow-Origin',
         ],
         origin: (requestOrigin: string | undefined, callback: (err: Error | null, origin?: string[]) => void) => {
+          const originStrictModeEnabled = env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true)
+            ? env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true) === 'true'
+            : false
+
+          if (!originStrictModeEnabled) {
+            callback(null, [requestOrigin as string])
+
+            return
+          }
+
           const requstOriginIsNotFilled = !requestOrigin || requestOrigin === 'null'
           const requestOriginatesFromTheDesktopApp = requestOrigin?.startsWith('file://')
           const requestOriginatesFromClipperForFirefox = requestOrigin?.startsWith('moz-extension://')

packages/files/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/files-server",
-  "version": "1.37.12",
+  "version": "1.38.0",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },

packages/home-server/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.23.0](https://github.com/standardnotes/server/compare/@standardnotes/home-server@1.22.68...@standardnotes/home-server@1.23.0) (2024-03-20)
+
+### Features
+
+* add CORS_ORIGIN_STRICT_MODE_ENABLED env var to determine if CORS origin should be restricted ([5c02435](https://github.com/standardnotes/server/commit/5c02435ee478b893747d3f9e41062aae12d7ff10))
+
 ## [1.22.68](https://github.com/standardnotes/server/compare/@standardnotes/home-server@1.22.67...@standardnotes/home-server@1.22.68) (2024-03-18)
 
 **Note:** Version bump only for package @standardnotes/home-server

packages/home-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/home-server",
-  "version": "1.22.68",
+  "version": "1.23.0",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },

packages/home-server/src/Server/HomeServer.ts

@@ -137,6 +137,16 @@ export class HomeServer implements HomeServerInterface {
             credentials: true,
             exposedHeaders: ['Content-Range', 'Accept-Ranges', 'x-captcha-required'],
             origin: (requestOrigin: string | undefined, callback: (err: Error | null, origin?: string[]) => void) => {
+              const originStrictModeEnabled = env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true)
+                ? env.get('CORS_ORIGIN_STRICT_MODE_ENABLED', true) === 'true'
+                : false
+
+              if (!originStrictModeEnabled) {
+                callback(null, [requestOrigin as string])
+
+                return
+              }
+
               const requstOriginIsNotFilled = !requestOrigin || requestOrigin === 'null'
               const requestOriginatesFromTheDesktopApp = requestOrigin?.startsWith('file://')
               const requestOriginatesFromClipperForFirefox = requestOrigin?.startsWith('moz-extension://')