Fix CORS to handle requests where Origin is not set. (#929)

mozilla-releng · May 29, 2019 · e433087 · e433087
1 parent 0473a3c
commit e433087
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/auslib/web/admin/base.py b/auslib/web/admin/base.py
@@ -84,7 +84,7 @@ def add_security_headers(response):
     response.headers["Access-Control-Allow-Headers"] = "Authorization"
     if "*" in app.config["CORS_ORIGINS"]:
         response.headers["Access-Control-Allow-Origin"] = "*"
-    elif request.headers["Origin"] in app.config["CORS_ORIGINS"]:
+    elif "Origin" in request.headers and request.headers["Origin"] in app.config["CORS_ORIGINS"]:
         response.headers["Access-Control-Allow-Origin"] = request.headers["Origin"]
     if re.match("^/ui/", request.path):
         # This enables swagger-ui to dynamically fetch and

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-2.65
+2.65.1