@@ -42,7 +42,11 b' class ZMQStreamHandler(websocket.WebSocketHandler):' | |||||
42 | host = self.request.headers.get("Host") |
|
42 | host = self.request.headers.get("Host") | |
43 |
|
43 | |||
44 | # If no header is provided, assume we can't verify origin |
|
44 | # If no header is provided, assume we can't verify origin | |
45 |
if |
|
45 | if origin is None: | |
|
46 | self.log.warn("Missing Origin header, rejecting WebSocket connection.") | |||
|
47 | return False | |||
|
48 | if host is None: | |||
|
49 | self.log.warn("Missing Host header, rejecting WebSocket connection.") | |||
46 | return False |
|
50 | return False | |
47 |
|
51 | |||
48 | origin = origin.lower() |
|
52 | origin = origin.lower() | |
@@ -54,13 +58,17 b' class ZMQStreamHandler(websocket.WebSocketHandler):' | |||||
54 |
|
58 | |||
55 | # Check CORS headers |
|
59 | # Check CORS headers | |
56 | if self.allow_origin: |
|
60 | if self.allow_origin: | |
57 |
|
|
61 | allow = self.allow_origin == origin | |
58 | elif self.allow_origin_pat: |
|
62 | elif self.allow_origin_pat: | |
59 |
|
|
63 | allow = bool(self.allow_origin_pat.match(origin)) | |
60 | else: |
|
64 | else: | |
61 | # No CORS headers deny the request |
|
65 | # No CORS headers deny the request | |
62 | self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin()) |
|
66 | allow = False | |
63 | return False |
|
67 | if not allow: | |
|
68 | self.log.warn("Blocking Cross Origin WebSocket Attempt. Origin: %s, Host: %s", | |||
|
69 | origin, host, | |||
|
70 | ) | |||
|
71 | return allow | |||
64 |
|
72 | |||
65 | def clear_cookie(self, *args, **kwargs): |
|
73 | def clear_cookie(self, *args, **kwargs): | |
66 | """meaningless for websockets""" |
|
74 | """meaningless for websockets""" |
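Review bot: The pattern branch in the second hunk, `allow = bool(self.allow_origin_pat.match(origin))`, anchors only at the start of the string, so a configured pattern that does not end in `$` would also accept an Origin that merely begins with an allowed value. Where the pattern is compiled is not visible here, so this may already be handled; if it is not, either document next to the option that the pattern must be end-anchored, or on Python 3.4+ require a whole-string match with `allow = bool(self.allow_origin_pat.fullmatch(origin))`. Origin and Host are client-supplied and the new warning writes both to the log, so formatting them with `%r` rather than `%s` keeps control characters from reaching the log verbatim. The enclosing method starts before the first hunk, so the earlier handling of `origin` is not covered by this note.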