FlowiseAI · 0xi4o · Oct 10, 2025 · Oct 13, 2025 · Oct 14, 2025 · Oct 14, 2025
diff --git a/packages/server/src/services/chatflows/index.ts b/packages/server/src/services/chatflows/index.ts
@@ -374,6 +374,8 @@ const getSinglePublicChatbotConfig = async (chatflowId: string): Promise<any> =>
                         }
                     })
                 }
+                delete parsedConfig.allowedOrigins
+                delete parsedConfig.allowedOriginsError
                 return { ...parsedConfig, uploads: uploadsConfig, flowData: dbResponse.flowData, isTTSEnabled }
             } catch (e) {
                 throw new InternalFlowiseError(StatusCodes.INTERNAL_SERVER_ERROR, `Error parsing Chatbot Config for Chatflow ${chatflowId}`)

diff --git a/packages/server/src/utils/XSS.ts b/packages/server/src/utils/XSS.ts
@@ -1,5 +1,6 @@
 import { Request, Response, NextFunction } from 'express'
 import sanitizeHtml from 'sanitize-html'
+import { isPredictionRequest, extractChatflowId, validateChatflowDomain } from './domainValidation'
 
 export function sanitizeMiddleware(req: Request, res: Response, next: NextFunction): void {
     // decoding is necessary as the url is encoded by the browser
@@ -21,21 +22,64 @@ export function sanitizeMiddleware(req: Request, res: Response, next: NextFuncti
 
 export function getAllowedCorsOrigins(): string {
     // Expects FQDN separated by commas, otherwise nothing or * for all.
-    return process.env.CORS_ORIGINS ?? '*'
+    // return process.env.CORS_ORIGINS ?? '*'
+    return process.env.CORS_ORIGINS as string
+}
+
+function parseAllowedOrigins(allowedOrigins: string): string[] {
+    if (!allowedOrigins) {
+        return []
+    }
+    if (allowedOrigins === '*') {
+        return ['*']
+    }
+    return allowedOrigins
+        .split(',')
+        .map((origin) => origin.trim().toLowerCase())
+        .filter((origin) => origin.length > 0)
 }
 
 export function getCorsOptions(): any {
-    const corsOptions = {
-        origin: function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
-            const allowedOrigins = getAllowedCorsOrigins()
-            if (!origin || allowedOrigins == '*' || allowedOrigins.indexOf(origin) !== -1) {
-                callback(null, true)
-            } else {
-                callback(null, false)
+    return (req: any, callback: (err: Error | null, options?: any) => void) => {
+        const corsOptions = {
+            origin: async (origin: string | undefined, originCallback: (err: Error | null, allow?: boolean) => void) => {
+                const allowedOrigins = getAllowedCorsOrigins()
+                const isPredictionReq = isPredictionRequest(req.url)
+
+                if (!origin || allowedOrigins === '*') {
+                    await checkRequestType(isPredictionReq, req, origin, originCallback)
+                } else {
+                    const allowedOriginsList = parseAllowedOrigins(allowedOrigins)
+                    if (origin && allowedOriginsList.includes(origin)) {
+                        await checkRequestType(isPredictionReq, req, origin, originCallback)
+                    } else {
+                        originCallback(null, false)
+                    }
+                }
             }
         }
+        callback(null, corsOptions)
+    }
+}
+
+async function checkRequestType(
+    isPredictionReq: boolean,
+    req: any,
+    origin: string | undefined,
+    originCallback: (err: Error | null, allow?: boolean) => void
+) {
+    if (isPredictionReq) {
+        const chatflowId = extractChatflowId(req.url)
+        if (chatflowId && origin) {
+            const isAllowed = await validateChatflowDomain(chatflowId, origin, req.user?.activeWorkspaceId)
+
+            originCallback(null, isAllowed)
+        } else {
+            originCallback(null, true)
+        }
+    } else {
+        originCallback(null, true)
     }
-    return corsOptions
 }
 
 export function getAllowedIframeOrigins(): string {

diff --git a/packages/server/src/utils/domainValidation.ts b/packages/server/src/utils/domainValidation.ts
@@ -0,0 +1,103 @@
+import chatflowsService from '../services/chatflows'
+import logger from './logger'
+
+/**
+ * Validates if the origin is allowed for a specific chatflow
+ * @param chatflowId - The chatflow ID to validate against
+ * @param origin - The origin URL to validate
+ * @param workspaceId - Optional workspace ID for enterprise features
+ * @returns Promise<boolean> - True if domain is allowed, false otherwise
+ */
+async function validateChatflowDomain(chatflowId: string, origin: string, workspaceId?: string): Promise<boolean> {
+    try {
+        // TODO: Add workspaceId from here
+        const chatflow = await chatflowsService.getChatflowById(chatflowId)
+
+        if (!chatflow?.chatbotConfig) {
+            logger.info(`No chatbotConfig found for chatflow ${chatflowId}, allowing domain`)
+            return true
+        }
+
+        const config = JSON.parse(chatflow.chatbotConfig)
+
+        // If no allowed origins configured or first entry is empty, allow all
+        if (!config.allowedOrigins?.length || config.allowedOrigins[0] === '') {
+            logger.info(`No domain restrictions configured for chatflow ${chatflowId}`)
+            return true
+        }
+
+        const originHost = new URL(origin).host
+        const isAllowed = config.allowedOrigins.some((domain: string) => {
+            try {
+                const allowedOrigin = new URL(domain).host
+                return originHost === allowedOrigin
+            } catch (error) {
+                logger.warn(`Invalid domain format in allowedOrigins: ${domain}`)
+                return false
+            }
+        })
+
+        logger.info(`Domain validation for ${origin} against chatflow ${chatflowId}: ${isAllowed}`)
+        return isAllowed
+    } catch (error) {
+        logger.error(`Error validating domain for chatflow ${chatflowId}:`, error)
+        return false
+    }
+}
+
+/**
+ * Extracts chatflow ID from prediction URL
+ * @param url - The request URL
+ * @returns string | null - The chatflow ID or null if not found
+ */
+function extractChatflowId(url: string): string | null {
+    try {
+        const urlParts = url.split('/')
+        const predictionIndex = urlParts.indexOf('prediction')
+
+        if (predictionIndex !== -1 && urlParts.length > predictionIndex + 1) {
+            const chatflowId = urlParts[predictionIndex + 1]
+            // Remove query parameters if present
+            return chatflowId.split('?')[0]
+        }
+
+        return null
+    } catch (error) {
+        logger.error('Error extracting chatflow ID from URL:', error)
+        return null
+    }
+}
+
+/**
+ * Validates if a request is a prediction request
+ * @param url - The request URL
+ * @returns boolean - True if it's a prediction request
+ */
+function isPredictionRequest(url: string): boolean {
+    return url.includes('/prediction/')
+}
+
+/**
+ * Get the custom error message for unauthorized origin
+ * @param chatflowId - The chatflow ID
+ * @param workspaceId - Optional workspace ID
+ * @returns Promise<string> - Custom error message or default
+ */
+async function getUnauthorizedOriginError(chatflowId: string, workspaceId?: string): Promise<string> {
+    try {
+        // TODO: Add workspaceId from here
+        const chatflow = await chatflowsService.getChatflowById(chatflowId)
+
+        if (chatflow?.chatbotConfig) {
+            const config = JSON.parse(chatflow.chatbotConfig)
+            return config.allowedOriginsError || 'This site is not allowed to access this chatbot'
+        }
+
+        return 'This site is not allowed to access this chatbot'
+    } catch (error) {
+        logger.error(`Error getting unauthorized origin error for chatflow ${chatflowId}:`, error)
+        return 'This site is not allowed to access this chatbot'
+    }
+}
+
+export { isPredictionRequest, extractChatflowId, validateChatflowDomain, getUnauthorizedOriginError }