Server: Resolves #7580: Allowed APP_BASE_URL in CORS

[carlosngo]

Resolves #7580

Current Behavior:

If request origin is not equal (or similar) to the following:

• https://joplinapp.org
• http:https://localhost:8077 (if dev)
• USER_CONTENT_BASE_URL environment variable

https://joplinapp.org is returned as the Access-Control-Allow-Origin header by default.

origin: (ctx: AppContext) => {
	const origin = ctx.request.header.origin;

	if (acceptOrigin(origin)) {
		return origin;
	} else {
		// we can't return void, so let's return one of the valid domains
		return corsAllowedDomains[0];
	}
},

This PR attempts to add the APP_BASE_URL environment variable to the allowed domains.

[github-actions]

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

[carlosngo]

Hi @laurent22, first time contributing to this repo; let me know if there's anything I can improve on 😄

[carlosngo]

I have read the CLA Document and I hereby sign the CLA

[laurent22]

Sorry I can't evaluate the impact of this change and I don't want to break existing Joplin Server installations, let alone Joplin Cloud, so I'd rather not merge. The linked issue simply asks to remove joplinapp.org, and we may do that but that's very low priority