mirror/notebook
2
0
Fork 0
mirror of https://github.com/jupyter/notebook.git synced 2025-01-12 11:45:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

handle allow_origin='*' in check_referrer

Browse Source 
allow_origin can be the wildcard '*' to allow any host

check_referer should match check_origin
This commit is contained in:
Min RK 2020-12-04 12:05:46 +01:00
parent eb2b4c6a7f
commit 067c3993f2
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
notebook/base/handlers.py
View File

@ -404,6 +404,10 @@ class IPythonHandler(AuthenticatedHandler):
Used on GET for api endpoints and /files/ Used on GET for api endpoints and /files/
to block cross-site inclusion (XSSI). to block cross-site inclusion (XSSI).
""" """
if self.allow_origin == "*" or self.skip_check_origin():
return True
host = self.request.headers.get("Host") host = self.request.headers.get("Host")
referer = self.request.headers.get("Referer") referer = self.request.headers.get("Referer")