fix: ignore `allowedOrigins` config for undefined `origin` header to ensure correct CORS behavior #3033

tanlethanh · 2024-08-18T04:25:14Z

Hi Flowise team,

I discovered that after configuring allowedDomains (as dynamic CORS) for a chatflow, It checks my origin header even if it is undefined. The request might be sent from a proxy server or postman and usually sends requests with undefined origin.

The error I got when requesting to /api/v1/prediction from postman or curl was:

{
    "statusCode": 500,
    "success": false,
    "message": "Invalid URL",
    "stack": {}
}

… undefined as correct cors behavior

HenryHengZJ · 2024-08-18T20:02:27Z

thank you @tanlethanh !

…ensure correct CORS behavior (FlowiseAI#3033) fix: ignore allowed origins from chatbot config when origin header is undefined as correct cors behavior

fix: ignore allowed origins from chatbot config when origin header is…

1502830

… undefined as correct cors behavior

HenryHengZJ approved these changes Aug 18, 2024

View reviewed changes

HenryHengZJ merged commit 8bb55e0 into FlowiseAI:main Aug 18, 2024
2 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: ignore `allowedOrigins` config for undefined `origin` header to ensure correct CORS behavior #3033

fix: ignore `allowedOrigins` config for undefined `origin` header to ensure correct CORS behavior #3033

tanlethanh commented Aug 18, 2024

HenryHengZJ commented Aug 18, 2024

fix: ignore allowedOrigins config for undefined origin header to ensure correct CORS behavior #3033

fix: ignore allowedOrigins config for undefined origin header to ensure correct CORS behavior #3033

Conversation

tanlethanh commented Aug 18, 2024

HenryHengZJ commented Aug 18, 2024

fix: ignore `allowedOrigins` config for undefined `origin` header to ensure correct CORS behavior #3033

fix: ignore `allowedOrigins` config for undefined `origin` header to ensure correct CORS behavior #3033