From 358fb234a77bf970d5cc306fdd09a610d84cd905 Mon Sep 17 00:00:00 2001
From: "R. Miles McCain" <development-machine@sendmiles.email>
Date: Sun, 28 Jun 2020 17:36:12 +0000
Subject: [PATCH] Fix multiple origin support (closes #52)

---
 shynet/analytics/views/ingress.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/shynet/analytics/views/ingress.py b/shynet/analytics/views/ingress.py
index ef39b01..4ee74dc 100644
--- a/shynet/analytics/views/ingress.py
+++ b/shynet/analytics/views/ingress.py
@@ -1,5 +1,6 @@
 import base64
 import json
+from urllib.parse import urlparse
 
 from django.conf import settings
 from django.core.cache import cache
@@ -49,7 +50,15 @@ class ValidateServiceOriginsMixin:
                 cache.set(f"service_origins_{service_uuid}", origins, timeout=3600)
 
             resp = super().dispatch(request, *args, **kwargs)
-            resp["Access-Control-Allow-Origin"] = origins
+
+            if origins != "*":
+                remote_origin = request.META.get("HTTP_ORIGIN")
+                origins = [origin.strip() for origin in origins.split(",")]
+                if remote_origin in origins:
+                    resp["Access-Control-Allow-Origin"] = remote_origin
+            else:
+                resp["Access-Control-Allow-Origin"] = "*"
+
             resp["Access-Control-Allow-Methods"] = "GET,HEAD,OPTIONS,POST"
             resp[
                 "Access-Control-Allow-Headers"