Commit b70202a8 authored by Linus Lewandowski's avatar Linus Lewandowski

Fix - Firefox does not send Origin for same-origin POSTs.

parent c34c3440
Pipeline #12896687 passed with stages
in 3 minutes and 45 seconds
......@@ -23,10 +23,16 @@ class OriginMiddleware:
def __call__(self, request):
if request.headers.cookie and request.method != 'GET':
if not request.headers.origin:
origin = request.headers.origin
if not origin:
referer = request.headers.referer
if referer:
origin = urlunsplit(urlsplit(referer)._replace(path='', query=''))
if not origin:
raise MissingOrigin()
if request.headers.origin not in ALLOWED_ORIGINS:
if origin not in ALLOWED_ORIGINS:
raise DisallowedOrigin()
return self.get_response(request)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment