upstream/ipython Commit - r14703:20a033d2

43

44

class ZMQStreamHandler(websocket.WebSocketHandler):

44

class ZMQStreamHandler(websocket.WebSocketHandler):

45

46

def ~~is_cross~~_origin(self):

46

def same_origin(self):

47

"""Check to see that origin and host match in the headers."""

47

"""Check to see that origin and host match in the headers."""

48

origin_header = self.request.headers.get("Origin")

48

origin_header = self.request.headers.get("Origin")

49

host = self.request.headers.get("Host")

49

host = self.request.headers.get("Host")

50

51

# If no header is provided, assume we can't verify origin

51

if(origin_header == None or host == None):

52

if(origin_header == None or host == None):

52

return ~~Tru~~e

53

return False

53

54

parsed_origin = urlparse(origin_header)

55

parsed_origin = urlparse(origin_header)

55

origin = parsed_origin.netloc

56

origin = parsed_origin.netloc

56

57

# Check to see that origin matches host directly, including ports

58

# Check to see that origin matches host directly, including ports

58

return origin != host

59

return origin == host

59

60

def clear_cookie(self, *args, **kwargs):

61

def clear_cookie(self, *args, **kwargs):

61

"""meaningless for websockets"""

62

"""meaningless for websockets"""

106

107

def open(self, kernel_id):

108

def open(self, kernel_id):

108

# Check to see that origin matches host directly, including ports

109

# Check to see that origin matches host directly, including ports

109

if self.~~is_cross~~_origin():

110

if not self.same_origin():

110

self.log.warn("Cross Origin WebSocket Attempt.")

111

self.log.warn("Cross Origin WebSocket Attempt.")

111

raise web.HTTPError(404)

112

raise web.HTTPError(404)

112

113

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             class ZMQStreamHandler(websocket.WebSocketHandler):
-                def is_cross_origin(self):
+                def same_origin(self):
                     """Check to see that origin and host match in the headers."""
                     origin_header = self.request.headers.get("Origin")
                     host = self.request.headers.get("Host")
+                    # If no header is provided, assume we can't verify origin
                     if(origin_header == None or host == None):
-                        return True
+                        return False
                     parsed_origin = urlparse(origin_header)
                     origin = parsed_origin.netloc
                     # Check to see that origin matches host directly, including ports
-                    return origin != host
+                    return origin == host
                 def clear_cookie(self, *args, **kwargs):
                     """meaningless for websockets"""
                 def open(self, kernel_id):
                     # Check to see that origin matches host directly, including ports
-                    if self.is_cross_origin():
+                    if not self.same_origin():
                         self.log.warn("Cross Origin WebSocket Attempt.")
                         raise web.HTTPError(404)