Skip to content

Commit b80238f

Browse files
rzatsrzats
committed
Log HTTP referer and origin
1 parent a2dcfad commit b80238f

File tree

2 files changed

+22
-1
lines changed

2 files changed

+22
-1
lines changed

src/server/_common.py

+5-1
Original file line numberDiff line numberDiff line change
@@ -125,7 +125,9 @@ def before_request_execute():
125125
real_remote_addr=get_real_ip_addr(request),
126126
user_agent=request.user_agent.string,
127127
api_key=api_key,
128-
user_id=(user and user.id)
128+
user_id=(user and user.id),
129+
req_referrer=request.referrer,
130+
req_origin=request.environ.get('HTTP_ORIGIN', '')
129131
)
130132

131133
if not _is_public_route() and api_key and not user:
@@ -171,6 +173,8 @@ def after_request_execute(response):
171173
response_status=response.status,
172174
content_length=response.calculate_content_length(),
173175
elapsed_time_ms=total_time,
176+
req_referrer=request.referrer,
177+
req_origin=request.environ.get('HTTP_ORIGIN', '')
174178
)
175179
return response
176180

tests/server/test_validate.py

+17
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ def setUp(self):
2626
app.config["TESTING"] = True
2727
app.config["WTF_CSRF_ENABLED"] = False
2828
app.config["DEBUG"] = False
29+
self.client = app.test_client()
2930

3031
def test_require_all(self):
3132
with self.subTest("all given"):
@@ -60,3 +61,19 @@ def test_require_any(self):
6061
with self.subTest("one options given with is empty but ok"):
6162
with app.test_request_context("/?abc="):
6263
self.assertTrue(require_any(request, "abc", empty=True))
64+
65+
def test_origin_headers(self):
66+
with self.subTest("referer and origin"):
67+
with self.assertLogs("server_api", level='INFO') as logs:
68+
self.client.get("/signal_dashboard_status", headers={
69+
"Referer": "https://test.com/test",
70+
"Origin": "https://test.com"
71+
})
72+
output = logs.output
73+
self.assertEqual(len(output), 2) # [before_request, after_request]
74+
self.assertIn("Received API request", output[0])
75+
self.assertIn("\"req_referrer\": \"https://test.com/test\"", output[0])
76+
self.assertIn("\"req_origin\": \"https://test.com\"", output[0])
77+
self.assertIn("Served API request", output[1])
78+
self.assertIn("\"req_referrer\": \"https://test.com/test\"", output[1])
79+
self.assertIn("\"req_origin\": \"https://test.com\"", output[1])

0 commit comments

Comments
 (0)