@@ -17,6 +17,11 b' Authors:' | |||||
17 | #----------------------------------------------------------------------------- |
|
17 | #----------------------------------------------------------------------------- | |
18 |
|
18 | |||
19 | try: |
|
19 | try: | |
|
20 | from urllib.parse import urlparse | |||
|
21 | except ImportError: | |||
|
22 | from urlparse import urlparse | |||
|
23 | ||||
|
24 | try: | |||
20 | from http.cookies import SimpleCookie # Py 3 |
|
25 | from http.cookies import SimpleCookie # Py 3 | |
21 | except ImportError: |
|
26 | except ImportError: | |
22 | from Cookie import SimpleCookie # Py 2 |
|
27 | from Cookie import SimpleCookie # Py 2 | |
@@ -37,6 +42,29 b' from .handlers import IPythonHandler' | |||||
37 | #----------------------------------------------------------------------------- |
|
42 | #----------------------------------------------------------------------------- | |
38 |
|
43 | |||
39 | class ZMQStreamHandler(websocket.WebSocketHandler): |
|
44 | class ZMQStreamHandler(websocket.WebSocketHandler): | |
|
45 | ||||
|
46 | def check_origin(self): | |||
|
47 | """Check origin from headers.""" | |||
|
48 | origin_header = self.request.headers["Origin"] | |||
|
49 | host = self.request.headers["Host"] | |||
|
50 | ||||
|
51 | parsed_origin = urlparse(origin_header) | |||
|
52 | origin = parsed_origin.netloc | |||
|
53 | ||||
|
54 | # Check to see that origin matches host directly, including ports | |||
|
55 | if origin != host: | |||
|
56 | self.log.critical("Cross Origin WebSocket Attempt.", exc_info=True) | |||
|
57 | raise web.HTTPError(404) | |||
|
58 | ||||
|
59 | ||||
|
60 | def _execute(self, transforms, *args, **kwargs): | |||
|
61 | """Wrap all calls to make sure origin gets checked.""" | |||
|
62 | ||||
|
63 | # Check to see that origin matches host directly, including ports | |||
|
64 | self.check_origin() | |||
|
65 | ||||
|
66 | # Pass on the rest of the handling by the WebSocketHandler | |||
|
67 | super(ZMQStreamHandler, self)._execute(transforms, *args, **kwargs) | |||
40 |
|
68 | |||
41 | def clear_cookie(self, *args, **kwargs): |
|
69 | def clear_cookie(self, *args, **kwargs): | |
42 | """meaningless for websockets""" |
|
70 | """meaningless for websockets""" |
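Review bot: In `check_origin`, `self.request.headers["Origin"]` raises `KeyError` when a client sends no Origin header, so that handshake ends in an unhandled exception rather than a deliberate accept-or-reject decision. Reading it with `origin_header = self.request.headers.get("Origin")` and handling `None` explicitly would fix this; rejecting is the safer default for a browser-facing endpoint, though non-browser clients that omit Origin would then need a documented alternative. The log call passes `exc_info=True` with no exception active and omits the values being compared, so `self.log.warning("Cross-origin WebSocket attempt: origin=%r host=%r", origin_header, host)` would give responders something to triage. The exact, case-sensitive `origin != host` match will presumably also reject legitimate connections when a reverse proxy rewrites Host, so a configurable allow-list may be needed. `ZMQStreamHandler` continues past the end of this hunk, and `_execute` is a private Tornado hook, so the override deserves a comment noting that it depends on Tornado internals.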