From aa23f6b24f195cf449b854b096e0b6bf8a6dfa20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?=
Date: Mon, 11 Apr 2022 10:31:51 +0200
Subject: [PATCH] fix Origin https scheme check
---
 src/capport/api/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/capport/api/views.py b/src/capport/api/views.py
index b32a9e6..d4c9787 100644
--- a/src/capport/api/views.py
+++ b/src/capport/api/views.py
@@ -108,7 +108,7 @@ def check_self_origin():
 # Origin should look like: :// (optionally followed by :)
 if len(origin_parts) < 3:
 quart.abort(400, 'Broken Origin header')
- if origin_parts[0] != 'https' and not app.my_config.debug:
+ if origin_parts[0] != 'https:' and not app.my_config.debug:
 # -> require https in production
 quart.abort(403, 'Non-https Origin not allowed')
 origin_host = origin_parts[2]
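Review bot: The corrected literal in `if origin_parts[0] != 'https:' and not app.my_config.debug:` is only right if `origin_parts` comes from splitting the header on `/`, which happens above the hunk and is not visible here; a comment such as `# split on '/' keeps the colon on the scheme: ['https:', '', 'host[:port]']` would tie the two together. Because the old literal could never match, production presumably answered 403 to every Origin, so a regression test covering an `https://` and an `http://` Origin with debug off would pin this behaviour. The neighbouring guard still accepts more than three parts and never inspects `origin_parts[1]`; unless something later in check_self_origin (its body continues past the hunk) rejects those, consider `if len(origin_parts) != 3 or origin_parts[1] != '':` for the 400 case. Parsing with `urllib.parse.urlsplit` and comparing `.scheme` and `.hostname` would remove the dependence on the split layout altogether.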