Merge pull request #55207 from niflostancu/fix-cherrypy-cors

Fix CherryPy CORS on Python3
saltstack · Dec 7, 2019 · 825a3b0 · 825a3b0
2 parents 9d1d3b1 + 213b1ea
commit 825a3b0
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/salt/netapi/rest_cherrypy/app.py b/salt/netapi/rest_cherrypy/app.py
@@ -820,9 +820,11 @@ def cors_tool():
             resp_head['Connection'] = 'keep-alive'
             resp_head['Access-Control-Max-Age'] = '1400'
 
-        # CORS requests should short-circuit the other tools.
-        cherrypy.response.body = ''
+        # Note: CherryPy on Py3 uses binary objects for the response
+        # Python 2.6 also supports the byte prefix, so no need for conditionals
+        cherrypy.response.body = b''
         cherrypy.response.status = 200
+        # CORS requests should short-circuit the other tools.
         cherrypy.serving.request.handler = None
 
         # Needed to avoid the auth_tool check.

diff --git a/tests/unit/netapi/test_rest_cherrypy.py b/tests/unit/netapi/test_rest_cherrypy.py
@@ -87,3 +87,19 @@ def test_yaml_ctype(self):
         ))
         self.assertEqual(response.status, '200 OK')
         self.assertDictEqual(request.unserialized_data, data)
+
+
+class TestCors(BaseToolsTest):
+    def __get_cp_config__(self):
+        return {
+            'tools.cors_tool.on': True,
+        }
+
+    def test_option_request(self):
+        request, response = self.request(
+            '/', method='OPTIONS', headers=(
+                ('Origin', 'https://domain.com'),
+            ))
+        self.assertEqual(response.status, '200 OK')
+        self.assertEqual(response.headers.get(
+            'Access-Control-Allow-Origin'), 'https://domain.com')