Skip to content

Commit

Permalink
fix: ignore allowedOrigins config for undefined origin header to …
Browse files Browse the repository at this point in the history
…ensure correct CORS behavior (FlowiseAI#3033)

fix: ignore allowed origins from chatbot config when origin header is undefined as correct cors behavior
  • Loading branch information
tanlethanh authored and patrickalvesexperian committed Sep 3, 2024
1 parent 3da4ca7 commit c4e8abc
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions packages/server/src/controllers/predictions/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,13 @@ const createPrediction = async (req: Request, res: Response, next: NextFunction)
throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Chatflow ${req.params.id} not found`)
}
let isDomainAllowed = true
logger.info(`[server]: Request originated from ${req.headers.origin}`)
logger.info(`[server]: Request originated from ${req.headers.origin || 'UNKNOWN ORIGIN'}`)
if (chatflow.chatbotConfig) {
const parsedConfig = JSON.parse(chatflow.chatbotConfig)
// check whether the first one is not empty. if it is empty that means the user set a value and then removed it.
const isValidAllowedOrigins = parsedConfig.allowedOrigins?.length && parsedConfig.allowedOrigins[0] !== ''
if (isValidAllowedOrigins) {
const originHeader = req.headers.origin as string
if (isValidAllowedOrigins && req.headers.origin) {
const originHeader = req.headers.origin
const origin = new URL(originHeader).host
isDomainAllowed =
parsedConfig.allowedOrigins.filter((domain: string) => {
Expand Down

0 comments on commit c4e8abc

Please sign in to comment.