Show More
@@ -45,7 +45,15 b' class ZMQStreamHandler(websocket.WebSocketHandler):' | |||||
45 |
|
45 | |||
46 | def same_origin(self): |
|
46 | def same_origin(self): | |
47 | """Check to see that origin and host match in the headers.""" |
|
47 | """Check to see that origin and host match in the headers.""" | |
48 | origin_header = self.request.headers.get("Origin") |
|
48 | ||
|
49 | # The difference between version 8 and 13 is that in 8 the | |||
|
50 | # client sends a "Sec-Websocket-Origin" header and in 13 it's | |||
|
51 | # simply "Origin". | |||
|
52 | if self.request.headers.get("Sec-WebSocket-Version") in ("7", "8"): | |||
|
53 | origin_header = self.request.headers.get("Sec-Websocket-Origin") | |||
|
54 | else: | |||
|
55 | origin_header = self.request.headers.get("Origin") | |||
|
56 | ||||
49 | host = self.request.headers.get("Host") |
|
57 | host = self.request.headers.get("Host") | |
50 |
|
58 | |||
51 | # If no header is provided, assume we can't verify origin |
|
59 | # If no header is provided, assume we can't verify origin |
General Comments 0
You need to be logged in to leave comments.
Login now