Add debug logging

asfadmin · Mar 21, 2024 · e924b5e · e924b5e
1 parent a13546a
commit e924b5e
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/tests_e2e/test_cors.py b/tests_e2e/test_cors.py
@@ -51,8 +51,9 @@ def test_cors_preflight_options(urls, auth_cookies):
     headers = dict(r.headers)
 
     assert r.status_code == 204
-    assert headers.get("Access-Control-Allow-Origin") == origin_host
-    assert "GET" in headers.get("Access-Control-Allow-Methods")
+    assert headers["Access-Control-Allow-Origin"] == origin_host
+    assert set(headers["Access-Control-Allow-Methods"].split(", ")) >= {"GET", "HEAD", "OPTIONS"}
+    assert set(headers["Access-Control-Allow-Headers"].split(", ")) >= {"Authorization", "Origin"}
 
 
 def test_cors_preflight_options_origin_null(urls, auth_cookies):
@@ -71,5 +72,6 @@ def test_cors_preflight_options_origin_null(urls, auth_cookies):
     headers = dict(r.headers)
 
     assert r.status_code == 204
-    assert headers.get("Access-Control-Allow-Origin") == "null"
-    assert "GET" in headers.get("Access-Control-Allow-Methods")
+    assert headers["Access-Control-Allow-Origin"] == "null"
+    assert set(headers["Access-Control-Allow-Methods"].split(", ")) >= {"GET", "HEAD", "OPTIONS"}
+    assert set(headers["Access-Control-Allow-Headers"].split(", ")) >= {"Authorization", "Origin"}
diff --git a/thin_egress_app/app.py b/thin_egress_app/app.py
@@ -478,6 +478,7 @@ def is_cors_allowed():
     origin_header = app.current_request.headers.get("origin")
     cors_origin = os.getenv("CORS_ORIGIN")
 
+    log.debug("origin_header: %r, cors_origin: %r", origin_header, cors_origin)
     return bool(
         origin_header
         and cors_origin
@@ -966,21 +967,33 @@ def dynamic_url_options():
         "HEAD",
         "OPTIONS",
     ]
+    allowed_headers = [
+        "Authorization",
+        "Origin",
+        "X-Requested-With",
+    ]
     request_method = app.current_request.headers.get(
         "Access-Control-Request-Method",
         "",
     ).strip()
+    log.info("Received CORS preflight request for method: %r", request_method)
+
+    log.debug("is_cors_allowed: %s", is_cors_allowed())
+    log.debug("request_method in allowed_methods: %s", request_method in allowed_methods)
     if is_cors_allowed() and request_method in allowed_methods:
         headers = {
-            "Access-Control-Allow-Methods": ", ".join(allowed_methods)
+            "Access-Control-Allow-Methods": ", ".join(allowed_methods),
+            "Access-Control-Allow-Headers": ", ".join(allowed_headers),
         }
         add_cors_headers(headers)
+        log.info("Returning success response")
         return Response(
             body="",
             headers=headers,
             status_code=204,
         )
 
+    log.info("Returning error response")
     return Response(
         body="Method Not Allowed",
         status_code=405,