Don't try to set Access-Control-Allow-Origin to None in worklet tests
diff --git a/worklets/resources/credentials.py b/worklets/resources/credentials.py
index e9fac0e..d5fb05a 100644
--- a/worklets/resources/credentials.py
+++ b/worklets/resources/credentials.py
@@ -3,6 +3,12 @@
cookie = request.cookies.first(b"cookieName", None)
expected_value = request.GET.first(b"value", None)
source_origin = request.headers.get(b"origin", None)
+ if source_origin is None:
+ # Same origin GET won't include origin header
+ source_origin = "%s://%s" % (request.url_parts.scheme,
+ request.url_parts.netloc)
+ if request.url_parts.port:
+ source_origin += ":%s" % request.url_parts.port
response_headers = [(b"Content-Type", b"text/javascript"),
(b"Access-Control-Allow-Origin", source_origin),
@@ -11,4 +17,4 @@
if cookie == expected_value:
return (200, response_headers, u"")
- return (404, response_headers)
+ return (404, response_headers, u"")
diff --git a/worklets/resources/set-cookie.py b/worklets/resources/set-cookie.py
index 1b6eb6c..a36a69c 100644
--- a/worklets/resources/set-cookie.py
+++ b/worklets/resources/set-cookie.py
@@ -1,7 +1,13 @@
def main(request, response):
name = request.GET.first(b"name")
value = request.GET.first(b"value")
- source_origin = request.headers.get(b"origin", None)
+ source_origin = request.headers.get(b"origin")
+ if source_origin is None:
+ # Same origin GET won't include origin header
+ source_origin = "%s://%s" % (request.url_parts.scheme,
+ request.url_parts.netloc)
+ if request.url_parts.port:
+ source_origin += ":%s" % request.url_parts.port
response_headers = [(b"Set-Cookie", name + b"=" + value),
(b"Access-Control-Allow-Origin", source_origin),
