add configuration value to use a different Host key for CORS checks

2025-10-12 12:33:02 +00:00 · 2020-10-02 16:44:40 -04:00
parent 95649a3ece
commit 9c13861eb8
3 changed files with 37 additions and 1 deletions
--- a/jupyterhub/tests/test_api.py
+++ b/jupyterhub/tests/test_api.py
@@ -136,6 +136,32 @@ async def test_cors_checks(app):
    )
    assert r.status_code == 400  # accepted, but invalid

+    app.forwarded_host_header = 'X-Forwarded-Host'
+    r = await api_request(
+        app,
+        'users',
+        headers={
+            'Authorization': '',
+            'Referer': url,
+            'Host': host,
+            'X-Forwarded-Host': 'example.com',
+        },
+        cookies=cookies,
+    )
+    assert r.status_code == 403
+
+    r = await api_request(
+        app,
+        'users',
+        headers={
+            'Authorization': '',
+            'Referer': url,
+            'Host': host,
+            'X-Forwarded-Host': host,
+        },
+        cookies=cookies,
+    )
+    assert r.status_code == 200

 # --------------
 # User API tests