(core) updates from grist-core

app/server/lib/FlexServer.ts

@@ -1,3 +1,4 @@
+import {ApiError} from 'app/common/ApiError';
 import {delay} from 'app/common/delay';
 import {DocCreationInfo} from 'app/common/DocListAPI';
 import {encodeUrl, getSlugIfNeeded, GristLoadConfig, IGristUrlState, isOrgInPathOnly,
@@ -1753,7 +1754,7 @@ function trustOriginHandler(req: express.Request, res: express.Response, next: e
     res.header("Access-Control-Allow-Methods", "GET, PATCH, PUT, POST, DELETE, OPTIONS");
     res.header("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Requested-With");
   } else {
-    throw new Error('Unrecognized origin');
+    throw new ApiError('Unrecognized origin', 403);
   }
   if ('OPTIONS' === req.method) {
     res.sendStatus(200);

package.json

@@ -1,6 +1,6 @@
 {
   "name": "grist-core",
-  "version": "0.7.9",
+  "version": "1.0.3",
   "license": "Apache-2.0",
   "description": "Grist is the evolution of spreadsheets",
   "homepage": "https://github.com/gristlabs/grist-core",

test/server/lib/DocApi.ts

@@ -2800,9 +2800,9 @@ function testDocApi() {
         error && assert.deepEqual(resp.data, {error});
         assert.equal(resp.status, status);
       }
-      await checkOrigin("https://www.toto.com", 500, "Unrecognized origin");
-      await checkOrigin("https://badexample.com", 500, "Unrecognized origin");
-      await checkOrigin("https://bad.com/example.com/toto", 500, "Unrecognized origin");
+      await checkOrigin("https://www.toto.com", 403, "Unrecognized origin");
+      await checkOrigin("https://badexample.com", 403, "Unrecognized origin");
+      await checkOrigin("https://bad.com/example.com/toto", 403, "Unrecognized origin");
       await checkOrigin("https://example.com/path", 200);
       await checkOrigin("https://good.example.com/toto", 200);
     });