MCPcopy
hub / github.com/FlowiseAI/Flowise / validateCorsConfig

Function validateCorsConfig

packages/server/src/utils/XSS.ts:72–81  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

70}
71
72export function validateCorsConfig(): void {
73 if (getAllowedCorsOrigins() === '*' && getAllowCredentials()) {
74 logger.warn(
75 '[CORS] Unsafe configuration detected: CORS_ORIGINS=* cannot be combined with ' +
76 'CORS_ALLOW_CREDENTIALS=true. Access-Control-Allow-Credentials has been forced to false. ' +
77 'To allow credentialed cross-origin requests, set CORS_ORIGINS to an explicit comma-separated ' +
78 'list of trusted origins instead of *.'
79 )
80 }
81}
82
83export function getCorsOptions(): any {
84 return (req: any, callback: (err: Error | null, options?: any) => void) => {

Callers 2

configMethod · 0.90
XSS.test.tsFile · 0.90

Calls 2

getAllowedCorsOriginsFunction · 0.85
getAllowCredentialsFunction · 0.85

Tested by

no test coverage detected