Skip to content
This repository has been archived by the owner on Feb 15, 2021. It is now read-only.

Allow for a null origin (file URL) in the whitelist #22

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+10 −3
Open

Allow for a null origin (file URL) in the whitelist #22

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions README.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,17 +85,23 @@ Default:
~~~~~~~~~~~~~~~~~~~~~~~~~

Specify a list of origin hostnames that are authorized to make a
cross-site HTTP request
cross-site HTTP request. To allow requests from a file URL (e.g.
``file:///home/bob/index.html``) add the string ``null`` to the
whitelist.

Example:

::

CORS_ORIGIN_WHITELIST = (
'google.com',
'hostname.example.com'
'hostname.example.com',
'localhost:8000',
'null'
)

Note that ``localhost`` is not the same as ``localhost:8000``.

Default:

::
Expand Down
3 changes: 2 additions & 1 deletion corsheaders/middleware.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,8 @@ def process_response(self, request, response):

def origin_not_found_in_white_lists(self, origin, url):
return (url.netloc not in settings.CORS_ORIGIN_WHITELIST and
not self.regex_domain_match(origin))
not self.regex_domain_match(origin) and
not (origin == "null" and "null" in settings.CORS_ORIGIN_WHITELIST))

def regex_domain_match(self, origin):
for domain_pattern in settings.CORS_ORIGIN_REGEX_WHITELIST:
Expand Down