|
|
|
|
@ -42,7 +42,11 @@ class ZMQStreamHandler(websocket.WebSocketHandler):
|
|
|
|
|
host = self.request.headers.get("Host")
|
|
|
|
|
|
|
|
|
|
# If no header is provided, assume we can't verify origin
|
|
|
|
|
if(origin is None or host is None):
|
|
|
|
|
if origin is None:
|
|
|
|
|
self.log.warn("Missing Origin header, rejecting WebSocket connection.")
|
|
|
|
|
return False
|
|
|
|
|
if host is None:
|
|
|
|
|
self.log.warn("Missing Host header, rejecting WebSocket connection.")
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
origin = origin.lower()
|
|
|
|
|
@ -54,13 +58,17 @@ class ZMQStreamHandler(websocket.WebSocketHandler):
|
|
|
|
|
|
|
|
|
|
# Check CORS headers
|
|
|
|
|
if self.allow_origin:
|
|
|
|
|
return self.allow_origin == origin
|
|
|
|
|
allow = self.allow_origin == origin
|
|
|
|
|
elif self.allow_origin_pat:
|
|
|
|
|
return bool(self.allow_origin_pat.match(origin))
|
|
|
|
|
allow = bool(self.allow_origin_pat.match(origin))
|
|
|
|
|
else:
|
|
|
|
|
# No CORS headers deny the request
|
|
|
|
|
self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin())
|
|
|
|
|
return False
|
|
|
|
|
allow = False
|
|
|
|
|
if not allow:
|
|
|
|
|
self.log.warn("Blocking Cross Origin WebSocket Attempt. Origin: %s, Host: %s",
|
|
|
|
|
origin, host,
|
|
|
|
|
)
|
|
|
|
|
return allow
|
|
|
|
|
|
|
|
|
|
def clear_cookie(self, *args, **kwargs):
|
|
|
|
|
"""meaningless for websockets"""
|
|
|
|
|
|
MinRK
12 years ago