upstream/ipython Commit - r14700:615f0e58

Performing check only on open.

Kyle Kelley -

r14700:615f0e58

parent child

IPython/html/base/zmqhandlers.py

0 +11 -18

              class ZMQStreamHandler(websocket.WebSocketHandler):
-                 def check_origin(self):
-                     """Check origin from headers."""
-                     origin_header = self.request.headers["Origin"]
-                     host = self.request.headers["Host"]
+                 def is_cross_origin(self):
+                     """Check to see that origin and host match in the headers."""
+                     origin_header = self.request.headers.get("Origin")
+                     host = self.request.headers.get("Host")
                      parsed_origin = urlparse(origin_header)
                      origin = parsed_origin.netloc
                      # Check to see that origin matches host directly, including ports
-                     if origin != host:
-                         self.log.warn("Cross Origin WebSocket Attempt.")
-                         raise web.HTTPError(404)
-                 def _execute(self, *args, **kwargs):
-                     """Wrap all calls to make sure origin gets checked."""
-                     # Check to see that origin matches host directly, including ports
-                     self.check_origin()
+                     return origin != host
-                     # Pass on the rest of the handling by the WebSocketHandler
-                     super(ZMQStreamHandler, self)._execute(*args, **kwargs)
                  def clear_cookie(self, *args, **kwargs):
                      """meaningless for websockets"""
                      pass
              class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
                  def open(self, kernel_id):
+                     # Check to see that origin matches host directly, including ports
+                     if self.is_cross_origin():
+                         self.log.warn("Cross Origin WebSocket Attempt.")
+                         raise web.HTTPError(404)
                      self.kernel_id = cast_unicode(kernel_id, 'ascii')
                      self.session = Session(config=self.config)
                      self.save_on_message = self.on_message
                      if self.get_current_user() is None:
                          self.log.warn("Couldn't authenticate WebSocket connection")
                          raise web.HTTPError(403)
-                     self.on_message = self.save_on_message
  No newline at end of file
+                     self.on_message = self.save_on_message

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages