Skip to content

Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage #5901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
0xi4o merged 7 commits into from
Mar 23, 2026
Merged

Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage #5901

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f174afd
Stop text-to-speach endpoint from accepting arbitrary creds
Mar 4, 2026
4fa923f
Merge branch 'main' of https://github.com/FlowiseAI/Flowise
Mar 4, 2026
97d0c8e
Stop text-to-speach endpoint from accepting arbitrary creds
Mar 4, 2026
c29271e
Merge branch 'main' into text-to-speach-fixes
yau-wd Mar 5, 2026
981ea47
Hardcoded CORS wildcard on TTS endpoint enables cross-origin credenti…
Mar 9, 2026
0fdbee0
Merge branch 'main' into text-to-speach-fixes
yau-wd Mar 10, 2026
357b9e3
add: allow tts in domain validation
0xi4o Mar 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions packages/server/src/controllers/text-to-speech/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,8 +89,6 @@ const generateTextToSpeech = async (req: Request, res: Response) => {
res.setHeader('Content-Type', 'text/event-stream')
res.setHeader('Cache-Control', 'no-cache')
res.setHeader('Connection', 'keep-alive')
res.setHeader('Access-Control-Allow-Origin', '*')
res.setHeader('Access-Control-Allow-Headers', 'Cache-Control')

const appServer = getRunningExpressApp()
const options = {
Expand Down
11 changes: 8 additions & 3 deletions packages/server/src/utils/XSS.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { Request, Response, NextFunction } from 'express'
import sanitizeHtml from 'sanitize-html'
import { extractChatflowId, validateChatflowDomain, isPublicChatflowRequest } from './domainValidation'
import { extractChatflowId, validateChatflowDomain, isPublicChatflowRequest, isTTSGenerateRequest } from './domainValidation'

export function sanitizeMiddleware(req: Request, res: Response, next: NextFunction): void {
// decoding is necessary as the url is encoded by the browser
Expand Down Expand Up @@ -44,6 +44,7 @@ export function getCorsOptions(): any {
origin: async (origin: string | undefined, originCallback: (err: Error | null, allow?: boolean) => void) => {
const allowedOrigins = getAllowedCorsOrigins()
const isPublicChatflowReq = isPublicChatflowRequest(req.url)
const isTTSReq = isTTSGenerateRequest(req.url)
const allowedList = parseAllowedOrigins(allowedOrigins)
const originLc = origin?.toLowerCase()

Expand All @@ -53,9 +54,10 @@ export function getCorsOptions(): any {
// Global allow: '*' or exact match
const globallyAllowed = allowedOrigins === '*' || allowedList.includes(originLc)

if (isPublicChatflowReq) {
if (isPublicChatflowReq || isTTSReq) {
// Per-chatflow allowlist OR globally allowed
const chatflowId = extractChatflowId(req.url)
// TTS generate passes chatflowId in the request body, not the URL path
const chatflowId = isTTSReq ? req.body?.chatflowId : extractChatflowId(req.url)
let chatflowAllowed = false
if (chatflowId) {
try {
Expand All @@ -65,6 +67,9 @@ export function getCorsOptions(): any {
console.error('Domain validation error:', error)
chatflowAllowed = false
}
} else if (isTTSReq) {
// OPTIONS preflight has no body — allow it through so the actual POST can be validated with chatflowId
chatflowAllowed = true
}
return originCallback(null, globallyAllowed || chatflowAllowed)
}
Expand Down
15 changes: 14 additions & 1 deletion packages/server/src/utils/domainValidation.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ import logger from './logger'
// /chatflows-streaming/{chatflowId}
const ALLOWED_SLUGS = ['/prediction/', '/public-chatbotConfig/', '/chatflows-streaming/']

// The TTS generate endpoint passes chatflowId in the request body, not the URL path
const TTS_GENERATE_PATH = '/api/v1/text-to-speech/generate'

/**
* Validates if the origin is allowed for a specific chatflow
* @param chatflowId - The chatflow ID to validate against
Expand Down Expand Up @@ -105,6 +108,16 @@ function isPublicChatflowRequest(url: string): boolean {
return extractSlugFromUrl(url) !== null
}

/**
* Checks if the request is for the TTS generate endpoint.
* This endpoint passes chatflowId in the request body rather than the URL path.
* @param url - The request URL
* @returns boolean - True if it's the TTS generate endpoint
*/
function isTTSGenerateRequest(url: string): boolean {
return url.split('?')[0] === TTS_GENERATE_PATH
}

/**
* Get the custom error message for unauthorized origin
* @param chatflowId - The chatflow ID
Expand All @@ -129,4 +142,4 @@ async function getUnauthorizedOriginError(chatflowId: string, workspaceId?: stri
}
}

export { isPublicChatflowRequest, extractChatflowId, validateChatflowDomain, getUnauthorizedOriginError }
export { isPublicChatflowRequest, isTTSGenerateRequest, extractChatflowId, validateChatflowDomain, getUnauthorizedOriginError }
Loading