upstream/ipython Commit - r17116:c6e54783

s/cors_/allow_/...

MinRK -

r17116:c6e54783

parent child

IPython/html/base/handlers.py

0 +12 -12

                 #---------------------------------------------------------------
                 @property
-                def cors_origin(self):
+                def allow_origin(self):
                     """Normal Access-Control-Allow-Origin"""
-                    return self.settings.get('cors_origin', '')
+                    return self.settings.get('allow_origin', '')
                 @property
-                def cors_origin_pat(self):
+                def allow_origin_pat(self):
-                    """Regular expression version of cors_origin"""
+                    """Regular expression version of allow_origin"""
-                    return self.settings.get('cors_origin_pat', None)
+                    return self.settings.get('allow_origin_pat', None)
                 @property
-                def cors_credentials(self):
+                def allow_credentials(self):
                     """Whether to set Access-Control-Allow-Credentials"""
-                    return self.settings.get('cors_credentials', False)
+                    return self.settings.get('allow_credentials', False)
                 def set_default_headers(self):
                     """Add CORS headers, if defined"""
                     super(IPythonHandler, self).set_default_headers()
-                    if self.cors_origin:
+                    if self.allow_origin:
-                        self.set_header("Access-Control-Allow-Origin", self.cors_origin)
+                        self.set_header("Access-Control-Allow-Origin", self.allow_origin)
-                    elif self.cors_origin_pat:
+                    elif self.allow_origin_pat:
                         origin = self.get_origin()
-                        if origin and self.cors_origin_pat.match(origin):
+                        if origin and self.allow_origin_pat.match(origin):
                             self.set_header("Access-Control-Allow-Origin", origin)
-                    if self.cors_credentials:
+                    if self.allow_credentials:
                         self.set_header("Access-Control-Allow-Credentials", 'true')
                 def get_origin(self):

IPython/html/base/zmqhandlers.py

0 +13 -12

             class ZMQStreamHandler(websocket.WebSocketHandler):
                 def check_origin(self, origin):
-                    """Check Origin == Host or CORS origins."""
+                    """Check Origin == Host or Access-Control-Allow-Origin.
-                    if self.cors_origin == '*':
+                    Tornado >= 4 calls this method automatically, raising 403 if it returns False.
+                    We call it explicitly in `open` on Tornado < 4.
+                    """
+                    if self.allow_origin == '*':
                         return True
                     host = self.request.headers.get("Host")
                         return True
                     # Check CORS headers
-                    if self.cors_origin:
+                    if self.allow_origin:
-                        if self.cors_origin == '*':
+                        return self.allow_origin == origin
-                            return True
+                    elif self.allow_origin_pat:
-                        else:
+                        return bool(self.allow_origin_pat.match(origin))
-                            return self.cors_origin == origin
-                    elif self.cors_origin_pat:
-                        return bool(self.cors_origin_pat.match(origin))
                     else:
-                        # No CORS headers, deny the request
+                        # No CORS headers deny the request
                         return False
                 def clear_cookie(self, *args, **kwargs):
                     # Tornado 4 already does CORS checking
                     if tornado.version_info[0] < 4:
                         if not self.check_origin(self.get_origin()):
-                            self.log.warn("Cross Origin WebSocket Attempt.")
+                            self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin())
-                            raise web.HTTPError(404)
+                            raise web.HTTPError(403)
                     self.session = Session(config=self.config)
                     self.save_on_message = self.on_message

IPython/html/notebookapp.py

0 +8 -8

                 # Network related information
-                cors_origin = Unicode('', config=True,
+                allow_origin = Unicode('', config=True,
                     help="""Set the Access-Control-Allow-Origin header
                     Use '*' to allow any origin to access your server.
-                    Mutually exclusive with cors_origin_pat.
+                    Takes precedence over allow_origin_pat.
                     """
                 )
-                cors_origin_pat = Unicode('', config=True,
+                allow_origin_pat = Unicode('', config=True,
                     help="""Use a regular expression for the Access-Control-Allow-Origin header
                     Requests from an origin matching the expression will get replies with:
                     where `origin` is the origin of the request.
-                    Mutually exclusive with cors_origin.
+                    Ignored if allow_origin is set.
                     """
                 )
-                cors_credentials = Bool(False, config=True,
+                allow_credentials = Bool(False, config=True,
                     help="Set the Access-Control-Allow-Credentials: true header"
                 )
                 def init_webapp(self):
                     """initialize tornado webapp and httpserver"""
-                    self.webapp_settings['cors_origin'] = self.cors_origin
+                    self.webapp_settings['allow_origin'] = self.allow_origin
-                    self.webapp_settings['cors_origin_pat'] = re.compile(self.cors_origin_pat)
+                    self.webapp_settings['allow_origin_pat'] = re.compile(self.allow_origin_pat)
-                    self.webapp_settings['cors_credentials'] = self.cors_credentials
+                    self.webapp_settings['allow_credentials'] = self.allow_credentials
                     self.web_app = NotebookWebApplication(
                         self, self.kernel_manager, self.notebook_manager,

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages