From c93bbb3dc98bca3ccf10046c671614bf7dbc7fe2 Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Fri, 18 Nov 2016 11:49:43 +0100
Subject: [PATCH] Backport PR #1903: Allow websocket connections from scripts

scripts don't set origin on connection

we allow these on API requests, websockets should match.

cc  rgbkrk: is there a reason we block 'missing origin' websockets when we allow the same for API requests? Is it possible for a request from a sensible browser to be missing Host and/or Origin?
---
 notebook/base/zmqhandlers.py | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/notebook/base/zmqhandlers.py b/notebook/base/zmqhandlers.py
index 1cfa8ecb3..4c4aa0044 100644
--- a/notebook/base/zmqhandlers.py
+++ b/notebook/base/zmqhandlers.py
@@ -132,15 +132,11 @@ class WebSocketMixin(object):
         host = self.request.headers.get("Host")
         if origin is None:
             origin = self.get_origin()
-        
-        # If no header is provided, assume we can't verify origin
-        if origin is None:
-            self.log.warn("Missing Origin header, rejecting WebSocket connection.")
-            return False
-        if host is None:
-            self.log.warn("Missing Host header, rejecting WebSocket connection.")
-            return False
-        
+
+        # If no origin or host header is provided, assume from script
+        if origin is None or host is None:
+            return True
+
         origin = origin.lower()
         origin_host = urlparse(origin).netloc