def options(self): self.set_extra_headers() if self.csrf_protection: origin = self.request.headers.get("Origin") if not check_origin(origin, self.request.headers, self.allowed_origins): self.set_status(403, f"Access denied for origin {origin}") return self.set_header("Access-Control-Allow-Origin", f"{origin}") self.set_header("Access-Control-Allow-Headers", "Content-Type") self.set_status(204)
def test_empty_origin_allowed(self): assert handlers.check_origin("", self.headers, self.allowed)
def test_chrome_file_origin_allowed(self): assert handlers.check_origin("file://", self.headers, self.allowed)
def test_empty_origin_allowed(self): self.assertTrue(handlers.check_origin('', self.headers, self.allowed))
def test_chrome_file_origin_allowed(self): self.assertTrue(handlers.check_origin( 'file://', self.headers, self.allowed))
def test_different_host_origin_blocked(self): self.assertFalse( handlers.check_origin('http://other:6680', self.headers, self.allowed))
def test_extra_origin_allowed(self): self.allowed.add('other:6680') self.assertTrue( handlers.check_origin('http://other:6680', self.headers, self.allowed))
def test_missing_origin_blocked(self): self.assertFalse(handlers.check_origin( None, self.headers, self.allowed))
def test_firefox_null_origin_allowed(self): assert handlers.check_origin("null", self.headers, self.allowed)
def test_different_port_blocked(self): self.assertFalse(handlers.check_origin( 'http://localhost:80', self.headers, self.allowed))
def test_extra_origin_allowed(self): self.allowed.add('other:6680') self.assertTrue(handlers.check_origin( 'http://other:6680', self.headers, self.allowed))
def test_different_host_origin_blocked(self): self.assertFalse(handlers.check_origin( 'http://other:6680', self.headers, self.allowed))
def test_same_host_origin_allowed(self): self.assertTrue(handlers.check_origin( 'http://localhost:6680', self.headers, self.allowed))
def test_firefox_null_origin_allowed(self): self.assertTrue(handlers.check_origin( 'null', self.headers, self.allowed))
def test_firefox_null_origin_allowed(self): self.assertTrue( handlers.check_origin('null', self.headers, self.allowed))
def test_same_host_origin_allowed(self): assert handlers.check_origin("http://localhost:6680", self.headers, self.allowed)
def test_same_host_origin_allowed(self): self.assertTrue( handlers.check_origin('http://localhost:6680', self.headers, self.allowed))
def test_different_host_origin_blocked(self): assert not handlers.check_origin("http://other:6680", self.headers, self.allowed)
def test_different_port_blocked(self): self.assertFalse( handlers.check_origin('http://localhost:80', self.headers, self.allowed))
def test_different_port_blocked(self): assert not handlers.check_origin("http://localhost:80", self.headers, self.allowed)
def test_missing_origin_blocked(self): self.assertFalse( handlers.check_origin(None, self.headers, self.allowed))
def test_extra_origin_allowed(self): self.allowed.add("other:6680") assert handlers.check_origin("http://other:6680", self.headers, self.allowed)
def test_chrome_file_origin_allowed(self): self.assertTrue( handlers.check_origin('file://', self.headers, self.allowed))