fix Origin https scheme check

2022-04-11 10:31:51 +02:00 · 2022-04-11 10:31:51 +02:00 · aa23f6b24f
commit aa23f6b24f
parent 123e94111d
1 changed files with 1 additions and 1 deletions
--- a/src/capport/api/views.py
+++ b/src/capport/api/views.py
@ -108,7 +108,7 @@ def check_self_origin():
    # Origin should look like: <scheme>://<hostname>  (optionally followed by :<port>)
    if len(origin_parts) < 3:
        quart.abort(400, 'Broken Origin header')
-    if origin_parts[0] != 'https' and not app.my_config.debug:
+    if origin_parts[0] != 'https:' and not app.my_config.debug:
        # -> require https in production
        quart.abort(403, 'Non-https Origin not allowed')
    origin_host = origin_parts[2]