dev: regex rules for undefined origin allowed

This commit allows using a regex to specify a route that's allowed to
not have an "Origin" header specified. This is necessary for parametized
URLs.

src/backend/src/modules/web/WebServerService.js

@@ -518,7 +518,11 @@ class WebServerService extends BaseService {
             }
 
             // rules that don't apply to notification endpoints
-            if ( ! this.undefined_origin_allowed.includes(req.path) ) {
+            const undefined_origin_allowed = this.undefined_origin_allowed.some(rule => {
+                if ( typeof rule === 'string' ) return rule === req.path;
+                return rule.test(req.path);
+            });
+            if ( ! undefined_origin_allowed ) {
                 // check if no origin
                 if ( req.method === 'POST' && req.headers.origin === undefined ) {
                     event.allow = false;