Show More
@@ -43,19 +43,20 b' from .handlers import IPythonHandler' | |||
|
43 | 43 | |
|
44 | 44 | class ZMQStreamHandler(websocket.WebSocketHandler): |
|
45 | 45 | |
|
46 |
def |
|
|
46 | def same_origin(self): | |
|
47 | 47 | """Check to see that origin and host match in the headers.""" |
|
48 | 48 | origin_header = self.request.headers.get("Origin") |
|
49 | 49 | host = self.request.headers.get("Host") |
|
50 | 50 | |
|
51 | # If no header is provided, assume we can't verify origin | |
|
51 | 52 | if(origin_header == None or host == None): |
|
52 |
return |
|
|
53 | return False | |
|
53 | 54 | |
|
54 | 55 | parsed_origin = urlparse(origin_header) |
|
55 | 56 | origin = parsed_origin.netloc |
|
56 | 57 | |
|
57 | 58 | # Check to see that origin matches host directly, including ports |
|
58 |
return origin |
|
|
59 | return origin == host | |
|
59 | 60 | |
|
60 | 61 | def clear_cookie(self, *args, **kwargs): |
|
61 | 62 | """meaningless for websockets""" |
@@ -106,7 +107,7 b' class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):' | |||
|
106 | 107 | |
|
107 | 108 | def open(self, kernel_id): |
|
108 | 109 | # Check to see that origin matches host directly, including ports |
|
109 |
if self. |
|
|
110 | if not self.same_origin(): | |
|
110 | 111 | self.log.warn("Cross Origin WebSocket Attempt.") |
|
111 | 112 | raise web.HTTPError(404) |
|
112 | 113 |
General Comments 0
You need to be logged in to leave comments.
Login now