diff --git a/IPython/html/base/zmqhandlers.py b/IPython/html/base/zmqhandlers.py index 6c015bd..99f432e 100644 --- a/IPython/html/base/zmqhandlers.py +++ b/IPython/html/base/zmqhandlers.py @@ -45,7 +45,15 @@ class ZMQStreamHandler(websocket.WebSocketHandler): def same_origin(self): """Check to see that origin and host match in the headers.""" - origin_header = self.request.headers.get("Origin") + + # The difference between version 8 and 13 is that in 8 the + # client sends a "Sec-Websocket-Origin" header and in 13 it's + # simply "Origin". + if self.request.headers.get("Sec-WebSocket-Version") in ("7", "8"): + origin_header = self.request.headers.get("Sec-Websocket-Origin") + else: + origin_header = self.request.headers.get("Origin") + host = self.request.headers.get("Host") # If no header is provided, assume we can't verify origin