Package: python-flask-cors / 3.0.7-1+deb10u1

cve-2020-25032 Patch series | download
Origin: https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895
From: Cory Dolphin <corydolphin@users.noreply.github.com>
Date: Sun, 30 Aug 2020 15:32:54 -0600
Subject: Fix request path normalization (#272)

* Normalize path before evaluating resource rules
---
diff --git a/flask_cors/extension.py b/flask_cors/extension.py
index 6a585aa..466869e 100644
--- a/flask_cors/extension.py
+++ b/flask_cors/extension.py
@@ -10,6 +10,10 @@
 """
 from flask import request
 from .core import *
+try:
+    from urllib.parse import unquote_plus
+except ImportError:
+    from urllib import unquote_plus
 
 LOG = logging.getLogger(__name__)
 
@@ -173,9 +177,9 @@ def cors_after_request(resp):
         if resp.headers is not None and resp.headers.get(ACL_ORIGIN):
             LOG.debug('CORS have been already evaluated, skipping')
             return resp
-
+        normalized_path = unquote_plus(request.path)
         for res_regex, res_options in resources:
-            if try_match(request.path, res_regex):
+            if try_match(normalized_path, res_regex):
                 LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
                       request.path, get_regexp_pattern(res_regex), res_options)
                 set_cors_headers(resp, res_options)
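Review bot: `normalized_path = unquote_plus(request.path)` applies form-encoding rules to a URL path, so a literal `+` in the path becomes a space before `try_match` runs, and the resource regex is evaluated against a string the route itself may never see. For path components `unquote` is the matching decoder: `normalized_path = unquote(request.path)`, with the import in the first hunk changed to `from urllib.parse import unquote` / `from urllib import unquote`. If `request.path` already arrives percent-decoded from the WSGI layer (not visible in this diff), this is a second decode pass and deserves a short comment saying why it is wanted. The `LOG.debug` call that follows still prints `request.path`, so the log does not show the value that was actually matched; logging `normalized_path` alongside it would make rule mismatches diagnosable. The body of `cors_after_request` starts and continues outside the hunk.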