cmu-delphi · melange396 · May 13, 2024 · May 9, 2024 · May 10, 2024 · May 13, 2024
diff --git a/src/server/_common.py b/src/server/_common.py
@@ -125,7 +125,9 @@ def before_request_execute():
         real_remote_addr=get_real_ip_addr(request),
         user_agent=request.user_agent.string,
         api_key=api_key,
-        user_id=(user and user.id)
+        user_id=(user and user.id),
+        req_referrer=request.referrer,
+        req_origin=request.environ.get('HTTP_ORIGIN', '')
-        req_referrer=request.referrer,
-        req_origin=request.environ.get('HTTP_ORIGIN', '')
+        refer_origin=request.referrer or request.origin,
-        req_referrer=request.referrer,
-        req_origin=request.environ.get('HTTP_ORIGIN', '')
+        refer_origin=request.referrer or request.origin,
     )
 
     if not _is_public_route() and api_key and not user:
@@ -171,6 +173,8 @@ def after_request_execute(response):
         response_status=response.status,
         content_length=response.calculate_content_length(),
         elapsed_time_ms=total_time,
+        req_referrer=request.referrer,
+        req_origin=request.environ.get('HTTP_ORIGIN', '')
     )
     return response
 

diff --git a/tests/server/test_validate.py b/tests/server/test_validate.py
@@ -26,6 +26,7 @@ def setUp(self):
         app.config["TESTING"] = True
         app.config["WTF_CSRF_ENABLED"] = False
         app.config["DEBUG"] = False
+        self.client = app.test_client()
 
     def test_require_all(self):
         with self.subTest("all given"):
@@ -60,3 +61,19 @@ def test_require_any(self):
         with self.subTest("one options given with is empty but ok"):
             with app.test_request_context("/?abc="):
                 self.assertTrue(require_any(request, "abc", empty=True))
+
+    def test_origin_headers(self):
+        with self.subTest("referer and origin"):
+            with self.assertLogs("server_api", level='INFO') as logs:
+                self.client.get("/signal_dashboard_status", headers={
+                    "Referer": "https://test.com/test",
+                    "Origin": "https://test.com"
+                })
+            output = logs.output
+            self.assertEqual(len(output), 2) # [before_request, after_request]
+            self.assertIn("Received API request", output[0])
+            self.assertIn("\"req_referrer\": \"https://test.com/test\"", output[0])
+            self.assertIn("\"req_origin\": \"https://test.com\"", output[0])
+            self.assertIn("Served API request", output[1])
+            self.assertIn("\"req_referrer\": \"https://test.com/test\"", output[1])
+            self.assertIn("\"req_origin\": \"https://test.com\"", output[1])