fix: ignore allowedOrigins config for undefined origin header to …

…ensure correct CORS behavior (#3033) fix: ignore allowed origins from chatbot config when origin header is undefined as correct cors behavior
FlowiseAI · Aug 18, 2024 · 8bb55e0 · 8bb55e0
1 parent 2e689f2
commit 8bb55e0
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/packages/server/src/controllers/predictions/index.ts b/packages/server/src/controllers/predictions/index.ts
@@ -26,13 +26,13 @@ const createPrediction = async (req: Request, res: Response, next: NextFunction)
             throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Chatflow ${req.params.id} not found`)
         }
         let isDomainAllowed = true
-        logger.info(`[server]: Request originated from ${req.headers.origin}`)
+        logger.info(`[server]: Request originated from ${req.headers.origin || 'UNKNOWN ORIGIN'}`)
         if (chatflow.chatbotConfig) {
             const parsedConfig = JSON.parse(chatflow.chatbotConfig)
             // check whether the first one is not empty. if it is empty that means the user set a value and then removed it.
             const isValidAllowedOrigins = parsedConfig.allowedOrigins?.length && parsedConfig.allowedOrigins[0] !== ''
-            if (isValidAllowedOrigins) {
-                const originHeader = req.headers.origin as string
+            if (isValidAllowedOrigins && req.headers.origin) {
+                const originHeader = req.headers.origin
                 const origin = new URL(originHeader).host
                 isDomainAllowed =
                     parsedConfig.allowedOrigins.filter((domain: string) => {