@@ -67,6 +67,15 @@ def handle_one_request(self):
67
67
self .close_connection = 0
68
68
69
69
70
+ CORS_header = {
71
+ "Allow" : "GET,POST,OPTIONS" ,
72
+ "Access-Control-Allow-Origin" : "*" ,
73
+ "Access-Control-Allow-Methods" : "GET,POST,OPTIONS" ,
74
+ "Access-Control-Allow-Headers" : "Authorization,Content-Type" ,
75
+ "Connection" : "close" ,
76
+ "Content-Type" : "text/html" ,
77
+ }
78
+
70
79
class Http_Handler (simple_http_server .HttpServerHandler ):
71
80
deploy_proc = None
72
81
@@ -95,17 +104,24 @@ def load_module_menus(self):
95
104
96
105
def do_OPTIONS (self ):
97
106
try :
98
- origin = utils .to_str (self .headers .get (b'Origin' ))
107
+ # origin = utils.to_str(self.headers.get(b'Origin'))
99
108
# if origin not in self.config.allow_web_origins:
100
109
# return
101
110
102
- header = {
103
- "Allow" : "GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS" ,
104
- "Access-Control-Allow-Origin" : origin ,
105
- "Access-Control-Allow-Methods" : "GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS" ,
106
- "Access-Control-Allow-Headers" : "Authorization,Content-Type" ,
107
- }
108
- return self .send_response (headers = header )
111
+ self .headers = utils .to_str (self .headers )
112
+ self .path = utils .to_str (self .path )
113
+
114
+ refer = self .headers .get ('Referer' )
115
+ if refer :
116
+ refer_loc = urlparse (refer ).netloc
117
+ host = self .headers .get ('Host' )
118
+ if refer_loc != host and refer_loc not in config .allowed_refers :
119
+ xlog .warn ("web control ref:%s host:%s" , refer_loc , host )
120
+ return
121
+
122
+ self .set_CORS (CORS_header )
123
+
124
+ return self .send_response ()
109
125
except Exception as e :
110
126
xlog .exception ("options fail:%r" , e )
111
127
return self .send_not_found ()
@@ -118,10 +134,12 @@ def do_POST(self):
118
134
if refer :
119
135
refer_loc = urlparse (refer ).netloc
120
136
host = self .headers .get ('Host' )
121
- if refer_loc != host :
137
+ if refer_loc != host and refer_loc not in config . allowed_refers :
122
138
xlog .warn ("web control ref:%s host:%s" , refer_loc , host )
123
139
return
124
140
141
+ self .set_CORS (CORS_header )
142
+
125
143
try :
126
144
content_type = self .headers .get ('Content-Type' , "" )
127
145
ctype , pdict = cgi .parse_header (content_type )
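Review bot: The wildcard `"Access-Control-Allow-Origin": "*"` in `CORS_header` replaces the echoed origin in `do_OPTIONS` while the `Origin` allowlist check stays commented out, so the only remaining gate is the `Referer` comparison, and that is skipped whenever the header is absent (`if refer:`). The `do_POST` hunk has the same shape, with `self.set_CORS(CORS_header)` running after the same optional check; `set_CORS` and the rest of `do_POST` lie outside the visible hunks, so the effect on the final response is inferred, but it looks like any web origin could read responses from this control interface. I would gate both handlers on `Origin` as well, e.g. `origin = self.headers.get('Origin')` followed by `if origin and urlparse(origin).netloc != host and urlparse(origin).netloc not in config.allowed_refers: return self.send_not_found()`, and send that validated origin back in `Access-Control-Allow-Origin` together with `Vary: Origin` instead of `*`. The rejected branch in `do_OPTIONS` also does a bare `return` without sending a response; `return self.send_not_found()` would match the `except` path.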