| 129 | } |
| 130 | |
| 131 | function isAllowedOrigin(originHeader) { |
| 132 | const allowListRaw = process.env.BUNDLE_TRIGGER_ALLOWED_ORIGINS; |
| 133 | if (!allowListRaw || allowListRaw.trim().length === 0) { |
| 134 | return true; |
| 135 | } |
| 136 | |
| 137 | if (!originHeader || typeof originHeader !== "string") { |
| 138 | return false; |
| 139 | } |
| 140 | |
| 141 | const allowedOrigins = allowListRaw |
| 142 | .split(",") |
| 143 | .map((origin) => origin.trim()) |
| 144 | .filter(Boolean); |
| 145 | |
| 146 | return allowedOrigins.includes(originHeader); |
| 147 | } |
| 148 | |
| 149 | function isAuthorizedRequest(req) { |
| 150 | const expectedApiKey = process.env.BUNDLE_TRIGGER_API_KEY; |