mirror/notebook
2
0
Fork 0
mirror of https://github.com/jupyter/notebook.git synced 2025-01-12 11:45:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5898 from minrk/allow_origin_wildcard

Browse Source 
handle allow_origin='*' in check_referer
This commit is contained in:
Kevin Bates 2020-12-19 10:07:18 -08:00 committed by GitHub
commit 24bf3a5a73
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
notebook/base/handlers.py
View File

@ -404,6 +404,10 @@ class IPythonHandler(AuthenticatedHandler):
Used on GET for api endpoints and /files/
to block cross-site inclusion (XSSI).
"""
if self.allow_origin == "*" or self.skip_check_origin():
return True
host = self.request.headers.get("Host")
referer = self.request.headers.get("Referer")