Ignore origin domain when it's empty.
This commit is contained in:
parent
967867d48c
commit
e3b0402bb7
|
@ -88,6 +88,7 @@ def create_origin_only_middleware():
|
|||
origin = request.headers['Origin']
|
||||
host_domain = host.lower()
|
||||
origin_domain = urllib.parse.urlparse(origin).netloc.lower()
|
||||
if len(host_domain) > 0 and len(origin_domain) > 0:
|
||||
if host_domain != origin_domain:
|
||||
logging.warning("WARNING: request with non matching host and origin {} != {}, returning 403".format(host_domain, origin_domain))
|
||||
return web.Response(status=403)
|
||||
|
|
Loading…
Reference in New Issue