Ignore origin domain when it's empty.

This commit is contained in:
comfyanonymous 2024-09-09 01:04:03 -04:00
parent 967867d48c
commit e3b0402bb7
1 changed files with 4 additions and 3 deletions

View File

@ -88,6 +88,7 @@ def create_origin_only_middleware():
origin = request.headers['Origin'] origin = request.headers['Origin']
host_domain = host.lower() host_domain = host.lower()
origin_domain = urllib.parse.urlparse(origin).netloc.lower() origin_domain = urllib.parse.urlparse(origin).netloc.lower()
if len(host_domain) > 0 and len(origin_domain) > 0:
if host_domain != origin_domain: if host_domain != origin_domain:
logging.warning("WARNING: request with non matching host and origin {} != {}, returning 403".format(host_domain, origin_domain)) logging.warning("WARNING: request with non matching host and origin {} != {}, returning 403".format(host_domain, origin_domain))
return web.Response(status=403) return web.Response(status=403)