mirror of
https://github.com/farcasclaudiu/Flowise.git
synced 2026-06-28 17:01:00 +03:00
fix: ignore allowedOrigins config for undefined origin header to ensure correct CORS behavior (#3033)
fix: ignore allowed origins from chatbot config when origin header is undefined as correct cors behavior
This commit is contained in:
Tan Le
@@ -26,13 +26,13 @@ const createPrediction = async (req: Request, res: Response, next: NextFunction)
|
|||||||
throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Chatflow ${req.params.id} not found`)
|
throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Chatflow ${req.params.id} not found`)
|
||||||
}
|
}
|
||||||
let isDomainAllowed = true
|
let isDomainAllowed = true
|
||||||
logger.info(`[server]: Request originated from ${req.headers.origin}`)
|
logger.info(`[server]: Request originated from ${req.headers.origin || 'UNKNOWN ORIGIN'}`)
|
||||||
if (chatflow.chatbotConfig) {
|
if (chatflow.chatbotConfig) {
|
||||||
const parsedConfig = JSON.parse(chatflow.chatbotConfig)
|
const parsedConfig = JSON.parse(chatflow.chatbotConfig)
|
||||||
// check whether the first one is not empty. if it is empty that means the user set a value and then removed it.
|
// check whether the first one is not empty. if it is empty that means the user set a value and then removed it.
|
||||||
const isValidAllowedOrigins = parsedConfig.allowedOrigins?.length && parsedConfig.allowedOrigins[0] !== ''
|
const isValidAllowedOrigins = parsedConfig.allowedOrigins?.length && parsedConfig.allowedOrigins[0] !== ''
|
||||||
if (isValidAllowedOrigins) {
|
if (isValidAllowedOrigins && req.headers.origin) {
|
||||||
const originHeader = req.headers.origin as string
|
const originHeader = req.headers.origin
|
||||||
const origin = new URL(originHeader).host
|
const origin = new URL(originHeader).host
|
||||||
isDomainAllowed =
|
isDomainAllowed =
|
||||||
parsedConfig.allowedOrigins.filter((domain: string) => {
|
parsedConfig.allowedOrigins.filter((domain: string) => {
|
||||||
|
|||||||
Reference in New Issue
Block a user