KeyError with cors_allowed_origins="*" and empty Origin header

[vvmnnnkv]

Hi,
Please consider following test case:

    @mock.patch('importlib.import_module')
    def test_connect_cors_all_origins_no_client_origin(self, import_module):
        a = self.get_async_mock({'REQUEST_METHOD': 'GET', 'QUERY_STRING': ''})
        import_module.side_effect = [a]
        s = asyncio_server.AsyncServer(cors_allowed_origins='*')
        _run(s.handle_request('request'))

Currently the outcome is:

  File "/home/vova/.local/lib/python3.6/site-packages/engineio/server.py", line 412, in handle_request
    cors_headers = self._cors_headers(environ)
  File "/home/vova/.local/lib/python3.6/site-packages/engineio/server.py", line 611, in _cors_headers
    headers = [('Access-Control-Allow-Origin', environ['HTTP_ORIGIN'])]
KeyError: 'HTTP_ORIGIN'

The problem is here. allowed_origins is None because cors_allowed_origins="*".

       if allowed_origins is None or \
                ('HTTP_ORIGIN' in environ and environ['HTTP_ORIGIN'] in
                 allowed_origins):
            headers = [('Access-Control-Allow-Origin', environ['HTTP_ORIGIN'])]

Maybe it will be more correct to omit Access-Control-Allow-Origin in case Origin header is missing?

The use case is connecting to same socket.io server from browser and python client.
Browser needs CORS and includes Origin header while python client doesn't include Origin header.

[miguelgrinberg]

Thanks. Looks like I missed one case here, when the client is not a browser.