You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@mock.patch('importlib.import_module')
def test_connect_cors_all_origins_no_client_origin(self, import_module):
a = self.get_async_mock({'REQUEST_METHOD': 'GET', 'QUERY_STRING': ''})
import_module.side_effect = [a]
s = asyncio_server.AsyncServer(cors_allowed_origins='*')
_run(s.handle_request('request'))
Currently the outcome is:
File "/home/vova/.local/lib/python3.6/site-packages/engineio/server.py", line 412, in handle_request
cors_headers = self._cors_headers(environ)
File "/home/vova/.local/lib/python3.6/site-packages/engineio/server.py", line 611, in _cors_headers
headers = [('Access-Control-Allow-Origin', environ['HTTP_ORIGIN'])]
KeyError: 'HTTP_ORIGIN'
The problem is here. allowed_origins is None because cors_allowed_origins="*".
if allowed_origins is None or \
('HTTP_ORIGIN' in environ and environ['HTTP_ORIGIN'] in
allowed_origins):
headers = [('Access-Control-Allow-Origin', environ['HTTP_ORIGIN'])]
Maybe it will be more correct to omit Access-Control-Allow-Origin in case Origin header is missing?
The use case is connecting to same socket.io server from browser and python client.
Browser needs CORS and includes Origin header while python client doesn't include Origin header.
The text was updated successfully, but these errors were encountered:
Hi,
Please consider following test case:
Currently the outcome is:
The problem is here.
allowed_origins
is None becausecors_allowed_origins="*"
.Maybe it will be more correct to omit
Access-Control-Allow-Origin
in caseOrigin
header is missing?The use case is connecting to same socket.io server from browser and python client.
Browser needs CORS and includes
Origin
header while python client doesn't includeOrigin
header.The text was updated successfully, but these errors were encountered: