Dashboard - Change dev patterns in api_request_handler

Also add Pinpoint to allowed origins. Split off from https://chromium-review.googlesource.com/c/catapult/+/1703521 Bug: chromium:982391 Change-Id: I0e77bdb99071e43e4f261f6a9125c7415a510e49 Reviewed-on: https://chromium-review.googlesource.com/c/catapult/+/1709751 Reviewed-by: Ben Hayden <[email protected]> Commit-Queue: Simon Hatch <[email protected]>
catapult-project · Jul 19, 2019 · 58751aa · 58751aa
1 parent 5075be9
commit 58751aa
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/dashboard/dashboard/api/api_request_handler.py b/dashboard/dashboard/api/api_request_handler.py
@@ -18,6 +18,7 @@
 
 _ALLOWED_ORIGINS = [
     'chromeperf.appspot.com',
+    'pinpoint-dot-chromeperf.appspot.com',
     'chromiumdash.appspot.com',
     'chromiumdash-staging.googleplex.com',
 ]
@@ -110,7 +111,7 @@ def _SetCorsHeadersIfAppropriate(self):
     origin = self.request.headers.get('Origin', '')
     for allowed in _ALLOWED_ORIGINS:
       dev_pattern = re.compile(
-          r'https://[A-Za-z0-9]+-dot-' + re.escape(allowed))
+          r'https://[A-Za-z0-9-]+-dot-' + re.escape(allowed))
       prod_pattern = re.compile(r'https://' + re.escape(allowed))
       if dev_pattern.match(origin) or prod_pattern.match(origin):
         set_cors_headers = True

diff --git a/dashboard/dashboard/api/api_request_handler_test.py b/dashboard/dashboard/api/api_request_handler_test.py
@@ -124,13 +124,13 @@ def testPost_ValidDevOrigin_HeadersSet(self):
     api_request_handler._ALLOWED_ORIGINS = ['foo.appspot.com']
     response = self.testapp.options(
         '/api/test',
-        headers={'origin': 'https://123jkjasdf-dot-foo.appspot.com'})
+        headers={'origin': 'https://dev-simon-123jkjasdf-dot-foo.appspot.com'})
     self.assertListEqual(
         [('Content-Length', '0'),
          ('Cache-Control', 'no-cache'),
          ('Content-Type', 'application/json; charset=utf-8'),
          ('Access-Control-Allow-Origin',
-          'https://123jkjasdf-dot-foo.appspot.com'),
+          'https://dev-simon-123jkjasdf-dot-foo.appspot.com'),
          ('Access-Control-Allow-Credentials', 'true'),
          ('Access-Control-Allow-Methods', 'GET,OPTIONS,POST'),
          ('Access-Control-Allow-Headers', 'Accept,Authorization,Content-Type'),