
api: roll back utils/http changes and only handle null in coreapi

There's no reason for us to do this wonky behavior outside the store
endpoint, so limit this exceptional behavior to just that case.
Matt Robenolt 7 years ago
parent
commit
36ed6a59e4
4 changed files with 14 additions and 5 deletions
  1. 2 0
      src/sentry/coreapi.py
  2. 1 3
      src/sentry/utils/http.py
  3. 10 1
      src/sentry/web/api.py
  4. 1 1
      tests/sentry/utils/http/tests.py

+ 2 - 0
src/sentry/coreapi.py

@@ -220,6 +220,8 @@ class ClientApiHelper(object):
         """
         Returns either the Origin or Referer value from the request headers.
         """
+        if request.META.get('HTTP_ORIGIN') == 'null':
+            return 'null'
         return origin_from_request(request)
 
     def project_key_from_auth(self, auth):
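Review bot: The docstring above the added lines still says the method returns the Origin or Referer value, but the new early return can also hand back the literal string `'null'` without consulting Referer at all. Callers that feed the result into an allowed-origin comparison need to know that sentinel can appear. I would extend the docstring with a sentence such as `A literal "null" Origin is returned unchanged so the store endpoint can handle it explicitly.` The method's signature is outside the hunk.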

+ 1 - 3
src/sentry/utils/http.py

@@ -246,7 +246,5 @@ def origin_from_request(request):
     # Behavior is specified in RFC6454. In either case, we should
     # treat a "null" Origin as a nonexistent one and fallback to Referer.
     if rv in ('', 'null'):
-        referer = request.META.get('HTTP_REFERER')
-        if referer:
-            rv = origin_from_url(referer)
+        rv = origin_from_url(request.META.get('HTTP_REFERER'))
     return rv
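Review bot: When no Referer header is present, the rewritten fallback calls `origin_from_url(None)`, so the return value now depends on how that helper treats a missing argument, which is not visible in this hunk. The removed lines left `rv` as `''` or `'null'` in that case. The updated test expects `None`, so any caller that compares the result against an empty string changes behaviour. A short comment on the new line, for example `# origin_from_url() yields None when Referer is absent`, would make the contract explicit once it is confirmed. The function begins outside the hunk.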

+ 10 - 1
src/sentry/web/api.py

@@ -229,7 +229,16 @@ class APIView(BaseView):
             )
 
         if origin:
-            response['Access-Control-Allow-Origin'] = origin
+            if origin == 'null':
+                # If an Origin is `null`, but we got this far, that means
+                # we've gotten past our CORS check for some reason. But the
+                # problem is that we can't return "null" as a valid response
+                # to `Access-Control-Allow-Origin` and we don't have another
+                # value to work with, so just allow '*' since they've gotten
+                # this far.
+                response['Access-Control-Allow-Origin'] = '*'
+            else:
+                response['Access-Control-Allow-Origin'] = origin
 
         return response
 
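Review bot: The new `origin == 'null'` branch answers with `Access-Control-Allow-Origin: *` for an origin that identifies no site at all. Browsers send `Origin: null` from sandboxed iframes and from `file:` and `data:` documents, and the comment's "for some reason" does not say which allow-list setting lets such a request through. Judging from the hunk alone, I would confirm that this path is only reached when the project is configured to accept any origin, and that the response never also carries `Access-Control-Allow-Credentials: true`. The comment should then state that, e.g. `# 'null' is an opaque origin; only reachable when any origin is allowed, never sent with credentials.` Because the header value now differs per request Origin, it is also worth checking that `Vary: Origin` is set. The enclosing method starts outside the hunk.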

+ 1 - 1
tests/sentry/utils/http/tests.py

@@ -272,7 +272,7 @@ class OriginFromRequestTestCase(TestCase):
     def test_null_origin(self):
         request = HttpRequest()
         request.META['HTTP_ORIGIN'] = 'null'
-        assert origin_from_request(request) is 'null'
+        assert origin_from_request(request) is None
 
         request.META['HTTP_REFERER'] = 'http://example.com'
         assert origin_from_request(request) == 'http://example.com'
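Review bot: This is the only test the commit touches, and it covers neither of the two security-relevant behaviours introduced elsewhere in the commit. Those are the `'null'` passthrough added in src/sentry/coreapi.py and the `'*'` value written to `Access-Control-Allow-Origin` in src/sentry/web/api.py. I would add one test asserting that a request with `HTTP_ORIGIN = 'null'` gets `'null'` back from the helper, and one asserting the response header is `'*'` rather than `'null'` when that origin is accepted. A further case where a `null` Origin is not on the allow-list would pin the rejection path, so the wildcard cannot widen silently later.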