Show More
| @@ -45,10 +45,11 b' class ZMQStreamHandler(websocket.WebSocketHandler):' | |||||
| 45 | if(origin is None or host is None): |
|
45 | if(origin is None or host is None): | |
| 46 | return False |
|
46 | return False | |
| 47 |
|
47 | |||
| 48 | host_origin = "{0}://{1}".format(self.request.protocol, host) |
|
48 | origin = origin.lower() | |
|
|
49 | origin_host = urlparse(origin).netloc | |||
| 49 |
|
50 | |||
| 50 | # OK if origin matches host |
|
51 | # OK if origin matches host | |
| 51 |
if origin == host |
|
52 | if origin_host == host: | |
| 52 | return True |
|
53 | return True | |
| 53 |
|
54 | |||
| 54 | # Check CORS headers |
|
55 | # Check CORS headers | |
| @@ -58,6 +59,7 b' class ZMQStreamHandler(websocket.WebSocketHandler):' | |||||
| 58 | return bool(self.allow_origin_pat.match(origin)) |
|
59 | return bool(self.allow_origin_pat.match(origin)) | |
| 59 | else: |
|
60 | else: | |
| 60 | # No CORS headers deny the request |
|
61 | # No CORS headers deny the request | |
|
|
62 | self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin()) | |||
| 61 | return False |
|
63 | return False | |
| 62 |
|
64 | |||
| 63 | def clear_cookie(self, *args, **kwargs): |
|
65 | def clear_cookie(self, *args, **kwargs): | |
| @@ -143,7 +145,6 b' class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):' | |||||
| 143 | # Tornado 4 already does CORS checking |
|
145 | # Tornado 4 already does CORS checking | |
| 144 | if tornado.version_info[0] < 4: |
|
146 | if tornado.version_info[0] < 4: | |
| 145 | if not self.check_origin(self.get_origin()): |
|
147 | if not self.check_origin(self.get_origin()): | |
| 146 | self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin()) |
|
|||
| 147 | raise web.HTTPError(403) |
|
148 | raise web.HTTPError(403) | |
| 148 |
|
149 | |||
| 149 | self.session = Session(config=self.config) |
|
150 | self.session = Session(config=self.config) | |
General Comments 0
You need to be logged in to leave comments.
Login now