Commit b5141cc2 authored by Vincent Pelletier's avatar Vincent Pelletier

wsgi: Fix https port number in CORS responses.

toHTTPS was only taking care of scheme, which is not enough. So use
self._https_url directly.
parent 41d8b2d6
......@@ -78,8 +78,6 @@ CORS_COOKIE_ORIGIN_KEY = 'o' # Prevent an origin from stealing another's token.
A_YEAR_IN_SECONDS = 60 * 60 * 24 * 365 # Roughly a year
toHTTPS = lambda url: urlunparse(('https', ) + urlparse(url)[1:])
def _getStatus(code):
return '%i %s' % (code, httplib.responses[code])
......@@ -726,8 +724,7 @@ class Application(object):
header_list may be modified before raising OriginUnauthorized, in order to
give client an opportunity to clean stale/broken values.
"""
my_uri = application_uri(environ)
my_origin = my_uri.split('/', 1)[0]
my_origin = application_uri(environ).split('/', 1)[0]
origin = environ.get('HTTP_ORIGIN', my_origin)
if origin == my_origin:
# Not a CORS request
......@@ -776,10 +773,8 @@ class Application(object):
if access is None:
# Missing or malformed cookie, missing or expired or invalid entry
# for origin: require authentication via cors form.
if not my_uri.endswith('/'):
my_uri += '/'
raise OriginUnauthorized(
toHTTPS(my_uri) + 'cors?' +
self._https_url + '/cors?' +
urlencode([(CORS_FORM_ORIGIN_PARAMETER, origin)]) +
'{&' + CORS_FORM_RETURN_PARAMETER + '}',
)
......@@ -877,7 +872,7 @@ class Application(object):
return (
STATUS_FOUND,
[
('Location', toHTTPS(request_uri(environ))),
('Location', self._https_url),
],
[],
)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment