From 5f94ac9eaa7b3b4d89b4594455a90d8deb866c1b Mon Sep 17 00:00:00 2001 From: Jimmy Berry Date: Mon, 13 May 2019 16:53:26 -0500 Subject: [PATCH] obs_operator: do not require session for OPTIONS method. The CORS pre-flight OPTIONS calls do not include the session headers, but should validate everything else bsides the session. --- obs_operator.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/obs_operator.py b/obs_operator.py index 1679e6a4..07f46edc 100755 --- a/obs_operator.py +++ b/obs_operator.py @@ -40,7 +40,7 @@ class RequestHandler(BaseHTTPRequestHandler): def do_OPTIONS(self): try: - with OSCRequestEnvironment(self) as oscrc_file: + with OSCRequestEnvironment(self, require_session=False) as oscrc_file: self.send_header('Access-Control-Allow-Methods', 'GET, POST') self.send_header('Access-Control-Allow-Headers', 'Access-Control-Allow-Origin, Content-Type, X-Requested-With') except OSCRequestEnvironmentException as e: @@ -286,9 +286,10 @@ class RequestHandler(BaseHTTPRequestHandler): yield command class OSCRequestEnvironment(object): - def __init__(self, handler, user=None): + def __init__(self, handler, user=None, require_session=True): self.handler = handler self.user = user + self.require_session = require_session def __enter__(self): apiurl = self.handler.apiurl_get() @@ -302,7 +303,7 @@ class OSCRequestEnvironment(object): raise OSCRequestEnvironmentException('origin does not match host domain') session = self.handler.session_get() - if not session: + if self.require_session and not session: self.handler.send_response(401) self.handler.end_headers() raise OSCRequestEnvironmentException('unable to determine session')