[Security] Replace wildcard CORS with configurable origin allowlist

## Summary

The cloud backend currently uses wildcard CORS (`Access-Control-Allow-Origin: *`), which allows any website to make API requests. This should be replaced with a configurable origin allowlist.

## Problem

In `cloud/backend/base/hono-server.ts`, the CORS configuration allows all origins. While this simplifies development, it means any website can make authenticated requests to the Fireproof Cloud API, which is a security concern for production deployments.

## Proposed Solution

1. Create CORS middleware at `cloud/backend/middleware/cors.ts`
2. Implement origin allowlist validation with environment variable configuration
3. Add development mode that allows localhost origins
4. Replace wildcard CORS at `cloud/backend/base/hono-server.ts:165`
5. (Optional) Add origin registration API and management UI

## Expected Outcomes

- Registered domains can make API requests
- Unregistered domains receive CORS rejection
- Development mode allows localhost origins
- Environment variable for allowed origins
- Tests verify CORS behavior

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Security] Replace wildcard CORS with configurable origin allowlist #1497

Summary

Problem

Proposed Solution

Expected Outcomes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security] Replace wildcard CORS with configurable origin allowlist #1497

Description

Summary

Problem

Proposed Solution

Expected Outcomes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions