diff --git a/src/capport/api/views.py b/src/capport/api/views.py
index b32a9e6..d4c9787 100644
--- a/src/capport/api/views.py
+++ b/src/capport/api/views.py
@@ -108,7 +108,7 @@ def check_self_origin():
 # Origin should look like: :// (optionally followed by :)
 if len(origin_parts) < 3:
 quart.abort(400, 'Broken Origin header')
- if origin_parts[0] != 'https' and not app.my_config.debug:
+ if origin_parts[0] != 'https:' and not app.my_config.debug:
 # -> require https in production
 quart.abort(403, 'Non-https Origin not allowed')
 origin_host = origin_parts[2]
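Review bot: The literal `'https:'` on the changed line is only correct if `origin_parts` comes from splitting the header on `/`, which happens outside this hunk and is not stated anywhere near the comparison; that hidden coupling is presumably what let the old `'https'` comparison refuse every Origin when debug was off. Either document it on the line, e.g. `# split on '/' keeps the colon: ['https:', '', 'host[:port]']`, or compare a parsed scheme instead, such as `urllib.parse.urlsplit(...).scheme != 'https'` on the raw header value. The context lines also accept more than three parts and never check that `origin_parts[1]` is empty, so `if len(origin_parts) != 3 or origin_parts[1] != '':` would be a tighter guard for a same-origin check. A regression test that sends an https Origin with debug disabled and expects it to pass, plus an http one expecting 403, would pin the behaviour this commit restores. check_self_origin begins and ends outside the hunk.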