farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-28 19:00:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix how allowed domains are checked - origin not host

Browse Source
This commit is contained in:
Ilango
2024-02-27 12:54:01 +05:30
parent 7d76c127f1
commit 930bdd5c51
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/src/index.ts
+4 -2
View File
@@ -1224,11 +1224,13 @@ export class App {
}) })
if (!chatflow) return res.status(404).send(`Chatflow ${req.params.id} not found`) if (!chatflow) return res.status(404).send(`Chatflow ${req.params.id} not found`)
let isDomainAllowed = true let isDomainAllowed = true
logger.info(`[server]: Request originated from ${req.headers.host}`) logger.info(`[server]: Request originated from ${req.headers.origin}`)
if (chatflow.chatbotConfig) { if (chatflow.chatbotConfig) {
const parsedConfig = JSON.parse(chatflow.chatbotConfig) const parsedConfig = JSON.parse(chatflow.chatbotConfig)
if (parsedConfig.allowedOrigins && parsedConfig.allowedOrigins.length > 0) { if (parsedConfig.allowedOrigins && parsedConfig.allowedOrigins.length > 0) {
isDomainAllowed = parsedConfig.allowedOrigins.includes(req.headers.host) const originHeader = req.headers.origin as string
const origin = new URL(originHeader).host
isDomainAllowed = parsedConfig.allowedOrigins.includes(origin)
} }
} }