Handle variations of name for origin

12 years ago · ddc9340a6a
parent e06f501cd6
commit ddc9340a6a
1 changed files with 9 additions and 1 deletions
--- a/IPython/html/base/zmqhandlers.py
+++ b/IPython/html/base/zmqhandlers.py
@ -45,7 +45,15 @@ class ZMQStreamHandler(websocket.WebSocketHandler):

    def same_origin(self):
        """Check to see that origin and host match in the headers."""
-        origin_header = self.request.headers.get("Origin")
+
+        # The difference between version 8 and 13 is that in 8 the
+        # client sends a "Sec-Websocket-Origin" header and in 13 it's
+        # simply "Origin".
+        if self.request.headers.get("Sec-WebSocket-Version") in ("7", "8"):
+            origin_header = self.request.headers.get("Sec-Websocket-Origin")
+        else:
+            origin_header = self.request.headers.get("Origin")
+
        host = self.request.headers.get("Host")

        # If no header is provided, assume we can't verify origin