feat: ignore secret or cors for client

apps/api/src/utils/auth.ts

@@ -104,6 +104,10 @@ export async function validateSdkRequest(
     throw createError('Ingestion: Profile id is blocked by project filter');
   }
 
+  if (client.ignoreCorsAndSecret) {
+    return client;
+  }
+
   if (client.project.cors) {
     const domainAllowed = client.project.cors.find((domain) => {
       const cleanedDomain = cleanDomain(domain);

packages/db/prisma/migrations/20251029200725_ignore_secret_and_cors/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "public"."clients" ADD COLUMN     "ignoreCorsAndSecret" BOOLEAN NOT NULL DEFAULT false;

packages/db/prisma/schema.prisma

@@ -250,6 +250,8 @@ model Client {
   organization   Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
   organizationId String
 
+  ignoreCorsAndSecret Boolean @default(false)
+
   createdAt DateTime @default(now())
   updatedAt DateTime @default(now()) @updatedAt