bug: handle exception when origin header is missing

rouilj · rouilj · commit 8ab14c5c4cbc · 2022-12-11T18:54:21.000-05:00
Handle the KeyError raised if self.env['HTTP_ORIGIN'] is missing.

This is the bug that triggered the fix to run_cgi's top level exception
handler.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -57,6 +57,7 @@ Fixed:
   url. (John Rouillard)
 - Fix final exception handler in roundup-server to send proper
   Content-Length header to the client. (John Rouillard)
+- Fix traceback if Origin header is missing. (John Rouillard)
 
 Features:
 
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
@@ -1259,7 +1259,11 @@ def check_anonymous_access(self):
                                           "allowed to use the web interface"))
 
     def is_origin_header_ok(self, api=False):
-        origin = self.env['HTTP_ORIGIN']
+        try:
+            origin = self.env['HTTP_ORIGIN']
+        except KeyError:
+            return False
+
         # note base https://host/... ends host with with a /,
         # so add it to origin.
         foundat = self.base.find(origin + '/')
