Exemple #1
0
    def test_null_origin(self):
        request = HttpRequest()
        request.META["HTTP_ORIGIN"] = "null"
        assert origin_from_request(request) is None

        request.META["HTTP_REFERER"] = "http://example.com"
        assert origin_from_request(request) == "http://example.com"
Exemple #2
0
    def test_null_origin(self):
        request = HttpRequest()
        request.META['HTTP_ORIGIN'] = 'null'
        assert origin_from_request(request) is None

        request.META['HTTP_REFERER'] = 'http://example.com'
        assert origin_from_request(request) == 'http://example.com'
Exemple #3
0
    def test_null_origin(self):
        request = HttpRequest()
        request.META['HTTP_ORIGIN'] = 'null'
        assert origin_from_request(request) is None

        request.META['HTTP_REFERER'] = 'http://example.com'
        assert origin_from_request(request) == 'http://example.com'
Exemple #4
0
    def allow_cors_options_wrapper(self, request, *args, **kwargs):

        if request.method == 'OPTIONS':
            response = HttpResponse(status=200)
            response[
                'Access-Control-Max-Age'] = '3600'  # don't ask for options again for 1 hour
        else:
            response = func(self, request, *args, **kwargs)

        allow = ', '.join(self._allowed_methods())
        response['Allow'] = allow
        response['Access-Control-Allow-Methods'] = allow
        response['Access-Control-Allow-Headers'] = 'X-Sentry-Auth, X-Requested-With, Origin, Accept, ' \
                                                   'Content-Type, Authentication'
        response[
            'Access-Control-Expose-Headers'] = 'X-Sentry-Error, Retry-After'

        if request.META.get('HTTP_ORIGIN') == 'null':
            origin = 'null'  # if ORIGIN header is explicitly specified as 'null' leave it alone
        else:
            origin = origin_from_request(request)

        if origin is None or origin == 'null':
            response['Access-Control-Allow-Origin'] = '*'
        else:
            response['Access-Control-Allow-Origin'] = origin

        return response
Exemple #5
0
 def origin_from_request(cls, request):
     """
     Returns either the Origin or Referer value from the request headers.
     """
     if request.META.get("HTTP_ORIGIN") == "null":
         return "null"
     return origin_from_request(request)
Exemple #6
0
 def origin_from_request(self, request):
     """
     Returns either the Origin or Referer value from the request headers.
     """
     if request.META.get('HTTP_ORIGIN') == 'null':
         return 'null'
     return origin_from_request(request)
Exemple #7
0
    def allow_cors_options_wrapper(self, request, *args, **kwargs):

        if request.method == "OPTIONS":
            response = HttpResponse(status=200)
            response["Access-Control-Max-Age"] = "3600"  # don't ask for options again for 1 hour
        else:
            response = func(self, request, *args, **kwargs)

        allow = ", ".join(self._allowed_methods())
        response["Allow"] = allow
        response["Access-Control-Allow-Methods"] = allow
        response["Access-Control-Allow-Headers"] = (
            "X-Sentry-Auth, X-Requested-With, Origin, Accept, "
            "Content-Type, Authentication, Authorization, Content-Encoding"
        )
        response["Access-Control-Expose-Headers"] = "X-Sentry-Error, Retry-After"

        if request.META.get("HTTP_ORIGIN") == "null":
            origin = "null"  # if ORIGIN header is explicitly specified as 'null' leave it alone
        else:
            origin = origin_from_request(request)

        if origin is None or origin == "null":
            response["Access-Control-Allow-Origin"] = "*"
        else:
            response["Access-Control-Allow-Origin"] = origin

        return response
Exemple #8
0
 def origin_from_request(self, request):
     """
     Returns either the Origin or Referer value from the request headers.
     """
     if request.META.get('HTTP_ORIGIN') == 'null':
         return 'null'
     return origin_from_request(request)
Exemple #9
0
 def _get_origin(self, request):
     return origin_from_request(request)
Exemple #10
0
 def _get_origin(self, request):
     return origin_from_request(request)
Exemple #11
0
 def test_referer(self):
     request = HttpRequest()
     request.META["HTTP_REFERER"] = "http://example.com/foo/bar"
     assert origin_from_request(request) == "http://example.com"
Exemple #12
0
 def test_referer(self):
     request = HttpRequest()
     request.META['HTTP_REFERER'] = 'http://example.com/foo/bar'
     assert origin_from_request(request) == 'http://example.com'
Exemple #13
0
 def test_nothing(self):
     request = HttpRequest()
     assert origin_from_request(request) is None
Exemple #14
0
 def origin_from_request(self, request):
     """
     Returns either the Origin or Referer value from the request headers.
     """
     return origin_from_request(request)
Exemple #15
0
 def origin_from_request(self, request):
     """
     Returns either the Origin or Referer value from the request headers.
     """
     return origin_from_request(request)
Exemple #16
0
 def test_referer(self):
     request = HttpRequest()
     request.META['HTTP_REFERER'] = 'http://example.com/foo/bar'
     assert origin_from_request(request) == 'http://example.com'
Exemple #17
0
 def test_nothing(self):
     request = HttpRequest()
     assert origin_from_request(request) is None