From 343edbff51a250ec558868706661056d8925f4c1 Mon Sep 17 00:00:00 2001
From: KernelDeimos <eric.alex.dube@gmail.com>
Date: Fri, 5 Apr 2024 16:51:57 -0400
Subject: [PATCH] Use weak CORS policy for experimental_no_subdomain

---
 packages/backend/src/services/WebServerService.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/backend/src/services/WebServerService.js b/packages/backend/src/services/WebServerService.js
index d8fa500f..f8bf58b6 100644
--- a/packages/backend/src/services/WebServerService.js
+++ b/packages/backend/src/services/WebServerService.js
@@ -291,7 +291,10 @@ class WebServerService extends BaseService {
                 res.setHeader('Access-Control-Allow-Origin', origin ?? '*');
             }
             // Website(s) to allow to connect
-            if ( req.subdomains[req.subdomains.length-1] === 'api' ) {
+            if (
+                config.experimental_no_subdomain ||
+                req.subdomains[req.subdomains.length-1] === 'api'
+            ) {
                 res.setHeader('Access-Control-Allow-Origin', origin ?? '*');
                 res.setHeader('Access-Control-Allow-Credentials', 'true');
             }