[PR #5759] [MERGED] feat(embed): opt-in deny-by-default for embeds with no allowlist #5556

Closed
opened 2026-06-05 15:21:44 -04:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/5759
Author: @dmitrymaranik
Created: 6/4/2026
Status: Merged
Merged: 6/6/2026
Merged by: @timothycarambat

Base: masterHead: embed-deny-no-allowlist


📝 Commits (4)

  • c7a314b feat(embed): opt-in deny-by-default for embeds with no allowlist
  • 33c572b chore(embed): persist EMBED_REQUIRE_ALLOWLIST in dumpENV protectedKeys
  • ae86dc0 update to spec
  • da48d64 Merge branch 'master' into embed-deny-no-allowlist

📊 Changes

5 files changed (+52 additions, -0 deletions)

View changed files

📝 docker/.env.example (+9 -0)
📝 server/.env.example (+9 -0)
📝 server/models/embedConfig.js (+13 -0)
📝 server/utils/helpers/updateENV.js (+3 -0)
📝 server/utils/middleware/embedMiddleware.js (+18 -0)

📄 Description

Resolves #5758.

What & why

An embed created without allowlist_domains answers requests from any origin: EmbedConfig.parseAllowedHosts() returns null for an empty allowlist, and canRespond (embed middleware) skips the origin check when it's null. There's no deny-by-default and no warning, so an operator can unknowingly expose a workspace's content cross-origin.

Change (additive, fully back-compatible)

  • server/utils/middleware/embedMiddleware.js — when EMBED_REQUIRE_ALLOWLIST=true, an embed whose allowlist is empty/null now rejects all requests (deny-by-default) instead of answering any origin. Unset → existing behavior, unchanged.
  • server/models/embedConfig.jsconsole.warn at creation when an embed has no allowlist.
  • server/.env.example — documents the new opt-in flag.

No schema change, no behavior change unless the operator opts in.

Testing

  • node --check passes on both modified JS files.
  • Manual: create an embed with no allowed domains; with EMBED_REQUIRE_ALLOWLIST=true, requests are rejected (401); unset, they're answered as before; an embed with an allowlist set is unaffected either way.
  • I was not able to run the full server test suite locally — please run CI / a maintainer pass.

Disclosure

Surfaced while testing a self-hosted instance with an automated multi-tenant-isolation checker (Sectum AI); drafted with AI assistance.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/5759 **Author:** [@dmitrymaranik](https://github.com/dmitrymaranik) **Created:** 6/4/2026 **Status:** ✅ Merged **Merged:** 6/6/2026 **Merged by:** [@timothycarambat](https://github.com/timothycarambat) **Base:** `master` ← **Head:** `embed-deny-no-allowlist` --- ### 📝 Commits (4) - [`c7a314b`](https://github.com/Mintplex-Labs/anything-llm/commit/c7a314b68ccc697b51c872a5a1fafa1f8491fc52) feat(embed): opt-in deny-by-default for embeds with no allowlist - [`33c572b`](https://github.com/Mintplex-Labs/anything-llm/commit/33c572bfd68a9087205704c7b6f5702a7f4845e3) chore(embed): persist EMBED_REQUIRE_ALLOWLIST in dumpENV protectedKeys - [`ae86dc0`](https://github.com/Mintplex-Labs/anything-llm/commit/ae86dc04400757d1f26547af3e04b31a6b79bb76) update to spec - [`da48d64`](https://github.com/Mintplex-Labs/anything-llm/commit/da48d6432ce8fa84659012c14799983966f77c54) Merge branch 'master' into embed-deny-no-allowlist ### 📊 Changes **5 files changed** (+52 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `docker/.env.example` (+9 -0) 📝 `server/.env.example` (+9 -0) 📝 `server/models/embedConfig.js` (+13 -0) 📝 `server/utils/helpers/updateENV.js` (+3 -0) 📝 `server/utils/middleware/embedMiddleware.js` (+18 -0) </details> ### 📄 Description Resolves #5758. ### What & why An embed created without `allowlist_domains` answers requests from **any** origin: `EmbedConfig.parseAllowedHosts()` returns `null` for an empty allowlist, and `canRespond` (embed middleware) skips the origin check when it's `null`. There's no deny-by-default and no warning, so an operator can unknowingly expose a workspace's content cross-origin. ### Change (additive, fully back-compatible) - **`server/utils/middleware/embedMiddleware.js`** — when `EMBED_REQUIRE_ALLOWLIST=true`, an embed whose allowlist is empty/null now rejects all requests (deny-by-default) instead of answering any origin. Unset → existing behavior, unchanged. - **`server/models/embedConfig.js`** — `console.warn` at creation when an embed has no allowlist. - **`server/.env.example`** — documents the new opt-in flag. No schema change, no behavior change unless the operator opts in. ### Testing - `node --check` passes on both modified JS files. - Manual: create an embed with no allowed domains; with `EMBED_REQUIRE_ALLOWLIST=true`, requests are rejected (401); unset, they're answered as before; an embed with an allowlist set is unaffected either way. - I was not able to run the full server test suite locally — please run CI / a maintainer pass. ### Disclosure Surfaced while testing a self-hosted instance with an automated multi-tenant-isolation checker ([Sectum AI](https://github.com/sectum-ai/sectum-ai)); drafted with AI assistance. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-06-05 15:21:44 -04:00
yindo changed title from [PR #5759] feat(embed): opt-in deny-by-default for embeds with no allowlist to [PR #5759] [MERGED] feat(embed): opt-in deny-by-default for embeds with no allowlist 2026-06-07 16:45:28 -04:00
yindo closed this issue 2026-06-07 16:45:28 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#5556