Show More
| @@ -42,7 +42,11 b' class ZMQStreamHandler(websocket.WebSocketHandler):' | |||
|
|
42 | 42 | host = self.request.headers.get("Host") |
|
|
43 | 43 | |
|
|
44 | 44 | # If no header is provided, assume we can't verify origin |
|
|
45 |
if |
|
|
|
45 | if origin is None: | |
|
|
46 | self.log.warn("Missing Origin header, rejecting WebSocket connection.") | |
|
|
47 | return False | |
|
|
48 | if host is None: | |
|
|
49 | self.log.warn("Missing Host header, rejecting WebSocket connection.") | |
|
|
46 | 50 | return False |
|
|
47 | 51 | |
|
|
48 | 52 | origin = origin.lower() |
| @@ -54,13 +58,17 b' class ZMQStreamHandler(websocket.WebSocketHandler):' | |||
|
|
54 | 58 | |
|
|
55 | 59 | # Check CORS headers |
|
|
56 | 60 | if self.allow_origin: |
|
|
57 |
|
|
|
|
61 | allow = self.allow_origin == origin | |
|
|
58 | 62 | elif self.allow_origin_pat: |
|
|
59 |
|
|
|
|
63 | allow = bool(self.allow_origin_pat.match(origin)) | |
|
|
60 | 64 | else: |
|
|
61 | 65 | # No CORS headers deny the request |
|
|
62 | self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin()) | |
|
|
63 | return False | |
|
|
66 | allow = False | |
|
|
67 | if not allow: | |
|
|
68 | self.log.warn("Blocking Cross Origin WebSocket Attempt. Origin: %s, Host: %s", | |
|
|
69 | origin, host, | |
|
|
70 | ) | |
|
|
71 | return allow | |
|
|
64 | 72 | |
|
|
65 | 73 | def clear_cookie(self, *args, **kwargs): |
|
|
66 | 74 | """meaningless for websockets""" |
General Comments 0
You need to be logged in to leave comments.
Login now