logCORSRejection emits one log line per unique origin so a misconfigured ZENNOTES_ALLOWED_ORIGINS surfaces in operator logs instead of silently failing in the browser.
(origin string)
| 351 | // misconfigured ZENNOTES_ALLOWED_ORIGINS surfaces in operator logs |
| 352 | // instead of silently failing in the browser. |
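func (s *Server) logCORSRejection(origin string) {
	// origin is presumably taken from the request's Origin header, i.e. it is
	// chosen by the client. Clamp it before it becomes a map key and a log
	// field so a single request cannot pin or print an arbitrarily long value.
	// 512 bytes is above the length of any well-formed scheme://host:port
	// origin (host names are limited to 253 bytes).
	const maxLoggedOriginLen = 512
	if len(origin) > maxLoggedOriginLen {
		origin = origin[:maxLoggedOriginLen]
	}

	// LoadOrStore reports loaded == true when this origin was recorded
	// before, which is what limits output to one line per distinct value.
	if _, loaded := s.loggedOrigins.LoadOrStore(origin, struct{}{}); loaded {
		return
	}
	// NOTE(review): the number of distinct origins is still unbounded, so
	// requests that vary the header keep growing loggedOrigins and the log.
	// Capping the entry count (or rate-limiting this line) needs state on
	// Server that is not visible from this function.

	// %q quotes and escapes the value, so control characters in the header
	// cannot break the entry into extra log lines.
	log.Printf("CORS rejected origin %q; add it to ZENNOTES_ALLOWED_ORIGINS to allow it", origin)
}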
| 359 | |
| 360 | func contentSecurityPolicy() string { |
| 361 | return strings.Join([]string{ |