From f477c74e0ea335e7d509692bbc373f42b230554d Mon Sep 17 00:00:00 2001
From: Ilango <rajagopalilango@gmail.com>
Date: Tue, 27 Feb 2024 15:51:23 +0530
Subject: [PATCH] Fix allowed origins not working when they're all removed

---
 packages/server/src/index.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
index ed666698..ef73ab5f 100644
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -1227,7 +1227,9 @@ export class App {
                 logger.info(`[server]: Request originated from ${req.headers.origin}`)
                 if (chatflow.chatbotConfig) {
                     const parsedConfig = JSON.parse(chatflow.chatbotConfig)
-                    if (parsedConfig.allowedOrigins && parsedConfig.allowedOrigins.length > 0) {
+                    // check whether the first one is not empty. if it is empty that means the user set a value and then removed it.
+                    const isValidAllowedOrigins = parsedConfig.allowedOrigins[0] !== ''
+                    if (parsedConfig.allowedOrigins && parsedConfig.allowedOrigins.length > 0 && isValidAllowedOrigins) {
                         const originHeader = req.headers.origin as string
                         const origin = new URL(originHeader).host
                         isDomainAllowed = parsedConfig.allowedOrigins.includes(origin)