upstream/ipython Commit - r14700:615f0e58

Performing check only on open.

Kyle Kelley -

r14700:615f0e58

parent child

IPython/html/base/zmqhandlers.py

0 +11 -18

             class ZMQStreamHandler(websocket.WebSocketHandler):
-                def check_origin(self):
+                def is_cross_origin(self):
-                    """Check origin from headers."""
+                    """Check to see that origin and host match in the headers."""
-                    origin_header = self.request.headers["Origin"]
+                    origin_header = self.request.headers.get("Origin")
-                    host = self.request.headers["Host"]
+                    host = self.request.headers.get("Host")
                     parsed_origin = urlparse(origin_header)
                     origin = parsed_origin.netloc
                     # Check to see that origin matches host directly, including ports
-                    if origin != host:
+                    return origin != host
-                        self.log.warn("Cross Origin WebSocket Attempt.")
-                        raise web.HTTPError(404)
-                def _execute(self, *args, **kwargs):
-                    """Wrap all calls to make sure origin gets checked."""
-                    # Check to see that origin matches host directly, including ports
-                    self.check_origin()
-                    # Pass on the rest of the handling by the WebSocketHandler
-                    super(ZMQStreamHandler, self)._execute(*args, **kwargs)
                 def clear_cookie(self, *args, **kwargs):
                     """meaningless for websockets"""
                     pass
             class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
                 def open(self, kernel_id):
+                    # Check to see that origin matches host directly, including ports
+                    if self.is_cross_origin():
+                        self.log.warn("Cross Origin WebSocket Attempt.")
+                        raise web.HTTPError(404)
                     self.kernel_id = cast_unicode(kernel_id, 'ascii')
                     self.session = Session(config=self.config)
                     self.save_on_message = self.on_message
                     if self.get_current_user() is None:
                         self.log.warn("Couldn't authenticate WebSocket connection")
                         raise web.HTTPError(403)
-                    self.on_message = self.save_on_message
  No newline at end of file
+                    self.on_message = self.save_on_message

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages