Fix multiple origin support (closes #52)

2020-06-28 17:36:12 +00:00 · 2020-06-28 17:36:12 +00:00 · 358fb234a7
commit 358fb234a7
parent 94fed58de3
1 changed files with 10 additions and 1 deletions
--- a/shynet/analytics/views/ingress.py
+++ b/shynet/analytics/views/ingress.py
@ -1,5 +1,6 @@
 import base64
 import json
+from urllib.parse import urlparse

 from django.conf import settings
 from django.core.cache import cache
@ -49,7 +50,15 @@ class ValidateServiceOriginsMixin:
                cache.set(f"service_origins_{service_uuid}", origins, timeout=3600)

            resp = super().dispatch(request, *args, **kwargs)
-            resp["Access-Control-Allow-Origin"] = origins
+
+            if origins != "*":
+                remote_origin = request.META.get("HTTP_ORIGIN")
+                origins = [origin.strip() for origin in origins.split(",")]
+                if remote_origin in origins:
+                    resp["Access-Control-Allow-Origin"] = remote_origin
+            else:
+                resp["Access-Control-Allow-Origin"] = "*"
+
            resp["Access-Control-Allow-Methods"] = "GET,HEAD,OPTIONS,POST"
            resp[
                "Access-Control-Allow-Headers"