The allowedOrigins array only listed explicit subdomains (auth, cca, demo, app, dev) so any canvas slug subdomain like create.rspace.online was rejected by CORS. Switch to a function-based origin check that allows all *.rspace.online subdomains dynamically. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| encryptid | ||
| lib | ||