(
self,
scope: dict[str, Any],
receive: Any,
send: Any,
)
| 232 | self._allowed_origin_regex = allowed_origin_regex |
| 233 | |
| 234 | async def __call__( |
| 235 | self, |
| 236 | scope: dict[str, Any], |
| 237 | receive: Any, |
| 238 | send: Any, |
| 239 | ) -> None: |
| 240 | if scope["type"] != "http": |
| 241 | await self._app(scope, receive, send) |
| 242 | return |
| 243 | |
| 244 | method = scope.get("method", "GET") |
| 245 | if method in _SAFE_HTTP_METHODS: |
| 246 | await self._app(scope, receive, send) |
| 247 | return |
| 248 | |
| 249 | origin = _get_scope_header(scope, b"origin") |
| 250 | if origin is None: |
| 251 | await self._app(scope, receive, send) |
| 252 | return |
| 253 | |
| 254 | if _is_request_origin_allowed( |
| 255 | origin, |
| 256 | scope, |
| 257 | self._allowed_origins, |
| 258 | self._allowed_origin_regex, |
| 259 | self._has_configured_allowed_origins, |
| 260 | ): |
| 261 | await self._app(scope, receive, send) |
| 262 | return |
| 263 | |
| 264 | response_body = b"Forbidden: origin not allowed" |
| 265 | await send({ |
| 266 | "type": "http.response.start", |
| 267 | "status": 403, |
| 268 | "headers": [ |
| 269 | (b"content-type", b"text/plain"), |
| 270 | (b"content-length", str(len(response_body)).encode()), |
| 271 | ], |
| 272 | }) |
| 273 | await send({ |
| 274 | "type": "http.response.body", |
| 275 | "body": response_body, |
| 276 | }) |
| 277 | |
| 278 | |
| 279 | class _DefaultAppRewriteMiddleware: |
nothing calls this directly
no test coverage detected