def test_null_origin(self):
request = HttpRequest()
request.META["HTTP_ORIGIN"] = "null"
assert origin_from_request(request) is None
request.META["HTTP_REFERER"] = "http://example.com"
assert origin_from_request(request) == "http://example.com"
def test_null_origin(self):
request = HttpRequest()
request.META['HTTP_ORIGIN'] = 'null'
assert origin_from_request(request) is None
request.META['HTTP_REFERER'] = 'http://example.com'
assert origin_from_request(request) == 'http://example.com'
def test_null_origin(self):
request = HttpRequest()
request.META['HTTP_ORIGIN'] = 'null'
assert origin_from_request(request) is None
request.META['HTTP_REFERER'] = 'http://example.com'
assert origin_from_request(request) == 'http://example.com'
def allow_cors_options_wrapper(self, request, *args, **kwargs):
if request.method == 'OPTIONS':
response = HttpResponse(status=200)
response[
'Access-Control-Max-Age'] = '3600' # don't ask for options again for 1 hour
else:
response = func(self, request, *args, **kwargs)
allow = ', '.join(self._allowed_methods())
response['Allow'] = allow
response['Access-Control-Allow-Methods'] = allow
response['Access-Control-Allow-Headers'] = 'X-Sentry-Auth, X-Requested-With, Origin, Accept, ' \
'Content-Type, Authentication'
response[
'Access-Control-Expose-Headers'] = 'X-Sentry-Error, Retry-After'
if request.META.get('HTTP_ORIGIN') == 'null':
origin = 'null' # if ORIGIN header is explicitly specified as 'null' leave it alone
else:
origin = origin_from_request(request)
if origin is None or origin == 'null':
response['Access-Control-Allow-Origin'] = '*'
else:
response['Access-Control-Allow-Origin'] = origin
return response
def origin_from_request(cls, request):
"""
Returns either the Origin or Referer value from the request headers.
"""
if request.META.get("HTTP_ORIGIN") == "null":
return "null"
return origin_from_request(request)
def origin_from_request(self, request):
"""
Returns either the Origin or Referer value from the request headers.
"""
if request.META.get('HTTP_ORIGIN') == 'null':
return 'null'
return origin_from_request(request)
def allow_cors_options_wrapper(self, request, *args, **kwargs):
if request.method == "OPTIONS":
response = HttpResponse(status=200)
response["Access-Control-Max-Age"] = "3600" # don't ask for options again for 1 hour
else:
response = func(self, request, *args, **kwargs)
allow = ", ".join(self._allowed_methods())
response["Allow"] = allow
response["Access-Control-Allow-Methods"] = allow
response["Access-Control-Allow-Headers"] = (
"X-Sentry-Auth, X-Requested-With, Origin, Accept, "
"Content-Type, Authentication, Authorization, Content-Encoding"
)
response["Access-Control-Expose-Headers"] = "X-Sentry-Error, Retry-After"
if request.META.get("HTTP_ORIGIN") == "null":
origin = "null" # if ORIGIN header is explicitly specified as 'null' leave it alone
else:
origin = origin_from_request(request)
if origin is None or origin == "null":
response["Access-Control-Allow-Origin"] = "*"
else:
response["Access-Control-Allow-Origin"] = origin
return response
def origin_from_request(self, request):
"""
Returns either the Origin or Referer value from the request headers.
"""
if request.META.get('HTTP_ORIGIN') == 'null':
return 'null'
return origin_from_request(request)
def _get_origin(self, request):
return origin_from_request(request)
def _get_origin(self, request):
return origin_from_request(request)
def test_referer(self):
request = HttpRequest()
request.META["HTTP_REFERER"] = "http://example.com/foo/bar"
assert origin_from_request(request) == "http://example.com"
def test_referer(self):
request = HttpRequest()
request.META['HTTP_REFERER'] = 'http://example.com/foo/bar'
assert origin_from_request(request) == 'http://example.com'
def test_nothing(self):
request = HttpRequest()
assert origin_from_request(request) is None
def origin_from_request(self, request):
"""
Returns either the Origin or Referer value from the request headers.
"""
return origin_from_request(request)
def origin_from_request(self, request):
"""
Returns either the Origin or Referer value from the request headers.
"""
return origin_from_request(request)
def test_referer(self):
request = HttpRequest()
request.META['HTTP_REFERER'] = 'http://example.com/foo/bar'
assert origin_from_request(request) == 'http://example.com'
def test_nothing(self):
request = HttpRequest()
assert origin_from_request(request) is None
