Ignore origin domain when it's empty.
This commit is contained in:
parent
967867d48c
commit
e3b0402bb7
|
@ -88,6 +88,7 @@ def create_origin_only_middleware():
|
||||||
origin = request.headers['Origin']
|
origin = request.headers['Origin']
|
||||||
host_domain = host.lower()
|
host_domain = host.lower()
|
||||||
origin_domain = urllib.parse.urlparse(origin).netloc.lower()
|
origin_domain = urllib.parse.urlparse(origin).netloc.lower()
|
||||||
|
if len(host_domain) > 0 and len(origin_domain) > 0:
|
||||||
if host_domain != origin_domain:
|
if host_domain != origin_domain:
|
||||||
logging.warning("WARNING: request with non matching host and origin {} != {}, returning 403".format(host_domain, origin_domain))
|
logging.warning("WARNING: request with non matching host and origin {} != {}, returning 403".format(host_domain, origin_domain))
|
||||||
return web.Response(status=403)
|
return web.Response(status=403)
|
||||||
|
|
Loading…
Reference in New Issue