ac107458/python-capport
2
0
Fork 0
Code

fix Origin https scheme check

Browse Source
This commit is contained in:
Stefan Bühler 2022-04-11 10:31:51 +02:00
parent 123e94111d
commit aa23f6b24f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/capport/api/views.py
View File

@ -108,7 +108,7 @@ def check_self_origin():
# Origin should look like: <scheme>://<hostname> (optionally followed by :<port>) # Origin should look like: <scheme>://<hostname> (optionally followed by :<port>)
if len(origin_parts) < 3: if len(origin_parts) < 3:
quart.abort(400, 'Broken Origin header') quart.abort(400, 'Broken Origin header')
if origin_parts[0] != 'https' and not app.my_config.debug: if origin_parts[0] != 'https:' and not app.my_config.debug:
# -> require https in production # -> require https in production
quart.abort(403, 'Non-https Origin not allowed') quart.abort(403, 'Non-https Origin not allowed')
origin_host = origin_parts[2] origin_host = origin_parts[2]