fix(config): update corsResourcePolicy type to string, typecheck did not like previous method

apps/server/src/app.ts

@@ -56,12 +56,18 @@ export default async function buildApp() {
         app.use(compression()); // HTTP compression
     }
 
+    let resourcePolicy = config["Network"]["corsResourcePolicy"] as 'same-origin' | 'same-site' | 'cross-origin' | undefined;
+    if(resourcePolicy !== 'same-origin' && resourcePolicy !== 'same-site' && resourcePolicy !== 'cross-origin') {
+        log.error(`Invalid CORS Resource Policy value: '${resourcePolicy}', defaulting to 'same-origin'`);
+        resourcePolicy = 'same-origin';
+    }
+
     app.use(
         helmet({
             hidePoweredBy: false, // errors out in electron
             contentSecurityPolicy: false,
             crossOriginResourcePolicy: {
-                policy: config["Network"]["corsResourcePolicy"] || 'same-origin'
+                policy: resourcePolicy
             },
             crossOriginEmbedderPolicy: false
         })

apps/server/src/services/config.ts

@@ -98,7 +98,7 @@ export interface TriliumConfig {
         /** CORS allowed headers (comma-separated header names) */
         corsAllowHeaders: string;
         /** CORS Resource Policy ('same-origin', 'same-site', 'cross-origin') */
-        corsResourcePolicy: 'same-origin' | 'same-site' | 'cross-origin' | undefined;
+        corsResourcePolicy: string;
     };
     /** Session management configuration */
     Session: {
@@ -369,7 +369,7 @@ const configMapping = {
             standardEnvVar: 'TRILIUM_NETWORK_CORSRESOURCEPOLICY',
             aliasEnvVars: ['TRILIUM_NETWORK_CORS_RESOURCE_POLICY'],
             iniGetter: () => getIniSection("Network")?.corsResourcePolicy,
-            defaultValue: 'same-origin'
+            defaultValue: 'same-origin' as 'same-origin' | 'same-site' | 'cross-origin'
         }
     },
     Session: {