diff --git a/IPython/html/base/zmqhandlers.py b/IPython/html/base/zmqhandlers.py
index 0d4c95a..c651dbb 100644
--- a/IPython/html/base/zmqhandlers.py
+++ b/IPython/html/base/zmqhandlers.py
@@ -17,6 +17,11 @@ Authors:
#-----------------------------------------------------------------------------
try:
+ from urllib.parse import urlparse
+except ImportError:
+ from urlparse import urlparse
+
+try:
from http.cookies import SimpleCookie # Py 3
except ImportError:
from Cookie import SimpleCookie # Py 2
@@ -37,6 +42,29 @@ from .handlers import IPythonHandler
#-----------------------------------------------------------------------------
class ZMQStreamHandler(websocket.WebSocketHandler):
+
+ def check_origin(self):
+ """Check origin from headers."""
+ origin_header = self.request.headers["Origin"]
+ host = self.request.headers["Host"]
+
+ parsed_origin = urlparse(origin_header)
+ origin = parsed_origin.netloc
+
+ # Check to see that origin matches host directly, including ports
+ if origin != host:
+ self.log.critical("Cross Origin WebSocket Attempt.", exc_info=True)
+ raise web.HTTPError(404)
+
+
+ def _execute(self, transforms, *args, **kwargs):
+ """Wrap all calls to make sure origin gets checked."""
+
+ # Check to see that origin matches host directly, including ports
+ self.check_origin()
+
+ # Pass on the rest of the handling by the WebSocketHandler
+ super(ZMQStreamHandler, self)._execute(transforms, *args, **kwargs)
def clear_cookie(self, *args, **kwargs):
"""meaningless for websockets"""