From 85a98597951d122372549d8ea7794f86e782d8fe Mon Sep 17 00:00:00 2001
From: Seung Park
Date: Thu, 20 Mar 2025 09:15:28 -0400
Subject: [PATCH 1/5] allow origins of netlify and our mongodb domain
---
 src/app.ts | 10 ++++++++--
 src/utils.ts | 17 +++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/app.ts b/src/app.ts
index 91362e3..b87d2fd 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -11,7 +11,7 @@ import { connect } from './services/client';
 import { initDb } from './services/database';
 import { initPoolDb } from './services/pool';
 import { createMessage, initiateLogger } from './services/logger';
-import { getRequestId } from './utils';
+import { getRequestId, isPermittedOrigin } from './utils';
 interface AppSettings {
 mongoClient?: MongoClient;
@@ -33,13 +33,19 @@ const errorHandler: ErrorRequestHandler = (err, req, res, _next) => {
 }
 };
-const reqHandler: RequestHandler = (req, _res, next) => {
+const reqHandler: RequestHandler = (req, res, next) => {
 const reqId = new ObjectId().toString();
 // Custom header specifically for a request ID. This ID will be used to track
 // logs related to the same request
 req.headers['req-id'] = reqId;
 const message = `Request for: ${req.url}`;
 logger.info(createMessage(message, reqId));
+
+ // allow cross origin requests from our web servers
+ const origin = req.headers.origin;
+ if (origin && isPermittedOrigin(origin)) {
+ res.append('Access-Control-Allow-Origin', origin);
+ }
 next();
 };
diff --git a/src/utils.ts b/src/utils.ts
index a1a65cd..1222dbf 100644
--- a/src/utils.ts
+++ b/src/utils.ts
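Review bot: In the `reqHandler` hunk of src/app.ts (`@@ -33,13 +33,19 @@`), the response now depends on the request's `Origin` header but no `Vary: Origin` is set, so a shared cache or CDN in front of this service could replay a response carrying one origin's `Access-Control-Allow-Origin` to a different origin. Add `res.vary('Origin');` before the `if`, so it applies to both the allowed and the denied case. `res.append` also adds to any value already present, and browsers reject an `Access-Control-Allow-Origin` header with more than one value, so `res.set('Access-Control-Allow-Origin', origin);` is the safer call if anything else on the response path can set that header. Whether preflight (`OPTIONS`) requests are answered elsewhere cannot be seen from this hunk.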
@@ -24,3 +24,20 @@ export const assertTrailingSlash = (str: string) => {
 }
 return `${str}/`;
 };
+
+const STAGING_HOSTNAME = 'docs-mongodb-org-stg.s3.us-east-2.amazonaws.com';
+const PROD_HOSTNAME = 'mongodb.com';
+
+export const isPermittedOrigin = (origin: string | undefined) => {
+ if (!origin) return;
+ let url;
+ try {
+ url = new URL(origin);
+ } catch (err) {
+ return;
+ }
+ return (
+ url.protocol == 'https:' &&
+ (url.hostname === STAGING_HOSTNAME || url.hostname.split('.').slice(-2).join('.') === PROD_HOSTNAME)
+ );
+};
From 69ad0cdcfe39575e1dbf3738f456adb037b01fe4 Mon Sep 17 00:00:00 2001
From: Seung Park
Date: Thu, 20 Mar 2025 09:15:46 -0400
Subject: [PATCH 2/5] update to netlify
---
 src/utils.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/utils.ts b/src/utils.ts
index 1222dbf..bcfd515 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -25,7 +25,7 @@ export const assertTrailingSlash = (str: string) => {
 return `${str}/`;
 };
-const STAGING_HOSTNAME = 'docs-mongodb-org-stg.s3.us-east-2.amazonaws.com';
+const STAGING_HOSTNAME = 'netlify.app';
 const PROD_HOSTNAME = 'mongodb.com';
 export const isPermittedOrigin = (origin: string | undefined) => {
@@ -38,6 +38,7 @@ export const isPermittedOrigin = (origin: string | undefined) => {
 }
 return (
 url.protocol == 'https:' &&
- (url.hostname === STAGING_HOSTNAME || url.hostname.split('.').slice(-2).join('.') === PROD_HOSTNAME)
+ (url.hostname.split('.').slice(-2).join('.') === STAGING_HOSTNAME ||
+ url.hostname.split('.').slice(-2).join('.') === PROD_HOSTNAME)
 );
 };
From 9583aac7658ac33c8e85a047372b7ea3ea924024 Mon Sep 17 00:00:00 2001
From: Seung Park
Date: Thu, 20 Mar 2025 09:23:18 -0400
Subject: [PATCH 3/5] stage changes
---
 .drone.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.drone.yml b/.drone.yml
index ee09c09..1273c79 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -6,6 +6,7 @@ name: test
 trigger:
 branch:
 - main
+ - DOP-5513
 event:
 - push
 - tag
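Review bot: `isPermittedOrigin`, added in the src/utils.ts hunk of PATCH 1/5 (`@@ -24,3 +24,20 @@`), decides which sites may read this API's responses, yet the diffstat lists only src/app.ts and src/utils.ts, so the rule ships without a unit test. A small table-driven test would pin the intended policy: constructed cases such as `http://mongodb.com` (wrong scheme), `https://mongodb.com.example.org` and `https://notmongodb.com` (look-alike hosts), the literal string `null`, and an unparsable value should all be rejected. A short TSDoc comment stating that only `https:` origins are accepted and that every subdomain of the production domain matches would make that scope explicit to the next reader.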
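Review bot: The new comparison in the second src/utils.ts hunk of PATCH 2/5 (`@@ -38,6 +38,7 @@`) accepts every `https://<anything>.netlify.app` origin, and `netlify.app` is a shared hosting domain on which any Netlify customer can publish a site, so the staging rule trusts origins the project does not control. The constant is changed in the preceding hunk (`@@ -25,7 +25,7 @@`), and the PATCH 4/5 hunk keeps the same comparison. Match the full staging hostname instead, e.g. `const STAGING_HOSTNAMES = new Set(['<staging-site>.netlify.app']);` with `STAGING_HOSTNAMES.has(url.hostname)`, where the placeholder stands for the project's actual site name, which is not shown on this page. If deploy previews need access too, anchor the pattern to the project's own site-name suffix rather than to the shared domain. The impact depends on what the API returns and whether credentialed requests are ever enabled, neither of which is visible here.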
@@ -28,6 +29,7 @@ name: staging-build
 trigger:
 branch:
 - main
+ - DOP-5513
 event:
 - push
From 6c56fdf5604c09519a129f961699b71cedf2a7a0 Mon Sep 17 00:00:00 2001
From: Seung Park
Date: Thu, 20 Mar 2025 10:13:17 -0400
Subject: [PATCH 4/5] address comments
---
 src/utils.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/utils.ts b/src/utils.ts
index bcfd515..3b21fc5 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -29,15 +29,15 @@ const STAGING_HOSTNAME = 'netlify.app';
 const PROD_HOSTNAME = 'mongodb.com';
 export const isPermittedOrigin = (origin: string | undefined) => {
- if (!origin) return;
+ if (!origin) return false;
 let url;
 try {
 url = new URL(origin);
 } catch (err) {
- return;
+ return false;
 }
 return (
- url.protocol == 'https:' &&
+ url.protocol === 'https:' &&
 (url.hostname.split('.').slice(-2).join('.') === STAGING_HOSTNAME ||
 url.hostname.split('.').slice(-2).join('.') === PROD_HOSTNAME)
 );
From f2a257018a071ccff4c01c61d8d8997b8b4fa52e Mon Sep 17 00:00:00 2001
From: Seung Park
Date: Thu, 20 Mar 2025 10:26:31 -0400
Subject: [PATCH 5/5] revert testing
---
 .drone.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 1273c79..ee09c09 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -6,7 +6,6 @@ name: test
 trigger:
 branch:
 - main
- - DOP-5513
 event:
 - push
 - tag
@@ -29,7 +28,6 @@ name: staging-build
 trigger:
 branch:
 - main
- - DOP-5513
 event:
 - push
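Review bot: With all three exits in the PATCH 4/5 hunk (`@@ -29,15 +29,15 @@`) now returning a boolean, the signature can state that contract so a later bare `return;` fails to compile: `export const isPermittedOrigin = (origin: string | undefined): boolean => {`. The unused binding can go as well, `} catch {`, if the project's TypeScript target allows optional catch binding. The function's closing `};` lies outside the hunk.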