From 98d89a1fcef2c7ffdec3bfda5ea86f2e9c4261f6 Mon Sep 17 00:00:00 2001
From: Syed Ahmed <syed@apache.org>
Date: Tue, 28 Mar 2023 06:13:34 -0400
Subject: [PATCH] cors: check for request_origin being set (PROJQUAY-5213)
 (#1811)

Some browsers might not set the Origin header
in the request. Ignore the origin check in such
cases
---
 util/request.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/request.py b/util/request.py
index ed6ba42cd..8063622b4 100644
--- a/util/request.py
+++ b/util/request.py
@@ -39,7 +39,7 @@ def crossorigin(anonymous=True):
                 # the Origin header from the request to set the
                 # correct Allow-Origin
                 request_origin = request.headers.get("Origin")
-                if request_origin in cors_origin_list:
+                if request_origin and request_origin in cors_origin_list:
                     cors_origin = request_origin
 
             headers = BASE_CROSS_DOMAIN_HEADERS