* A first-party origin is the app itself or any `*.sim.ai` host (chat subdomains * + apex). Anything else is a third-party embed. Malformed origins are treated * as third-party.
(origin: string)
| 31 | * as third-party. |
| 32 | */ |
| 33 | function isFirstPartyOrigin(origin: string): boolean { |
| 34 | try { |
| 35 | const host = new URL(origin).hostname.toLowerCase() |
| 36 | if (host === 'sim.ai' || host.endsWith('.sim.ai')) return true |
| 37 | const appUrl = getEnv('NEXT_PUBLIC_APP_URL') |
| 38 | if (appUrl && host === new URL(appUrl).hostname.toLowerCase()) return true |
| 39 | return false |
| 40 | } catch { |
| 41 | return false |
| 42 | } |
| 43 | } |
| 44 | |
| 45 | /** |
| 46 | * Gates cross-origin (embedded) chat requests behind a paid plan on hosted. |
no test coverage detected