From b92853824f4cd24cde27c552bf1664ac7dc247dc Mon Sep 17 00:00:00 2001
From: Nutomic <me@nutomic.com>
Date: Fri, 7 Feb 2025 16:11:44 +0000
Subject: [PATCH] Cors policy should allow any origin by default (fixes #5405)
 (#5406)

---
 crates/routes/src/utils/mod.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crates/routes/src/utils/mod.rs b/crates/routes/src/utils/mod.rs
index 632905c90..6833e82fe 100644
--- a/crates/routes/src/utils/mod.rs
+++ b/crates/routes/src/utils/mod.rs
@@ -15,7 +15,10 @@ pub fn cors_config(settings: &Settings) -> Cors {
     .expose_any_header()
     .max_age(3600);
 
-  if cfg!(debug_assertions) || cors_origin_setting.contains(&"*".to_string()) {
+  if cfg!(debug_assertions)
+    || cors_origin_setting.is_empty()
+    || cors_origin_setting.contains(&"*".to_string())
+  {
     cors = cors.allow_any_origin();
   } else {
     cors = cors.allowed_origin(&self_origin);