MCPcopy
hub / github.com/FlowiseAI/Flowise / getAllowedAuthCorsOrigins

Function getAllowedAuthCorsOrigins

packages/server/src/utils/XSS.ts:33–41  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

31}
32
33export function getAllowedAuthCorsOrigins(): string[] {
34 const appUrl = process.env.APP_URL?.trim()
35 if (!appUrl) return []
36 try {
37 return [new URL(appUrl).origin.toLowerCase()]
38 } catch {
39 return []
40 }
41}
42
43// Endpoints that issue or refresh session tokens — must not accept wildcard origins
44const SESSION_ENDPOINTS = [

Callers 1

getCorsOptionsFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected