andpp/mopidy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

HTTP: Apply allowed_origins to Websocket requests also.

Browse Source
This commit is contained in:
Nick Steel 2018-04-12 23:24:44 +01:00
parent 7caba4a05d
commit 51741a7cbc
3 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/ext/http.rst
View File

@ -102,8 +102,9 @@ See :ref:`config` for general help on configuring Mopidy.
.. confval:: http/allowed_origins .. confval:: http/allowed_origins
A list of domains allowed to perform Cross-Origin Resource Sharing (CORS) A list of domains allowed to perform Cross-Origin Resource Sharing (CORS)
requests. Values should be in the format ``hostname:port`` and separated requests. This applies to both JSON-RPC and Websocket requests. Values
by either a comma or newline. should be in the format ``hostname:port`` and separated by either a comma or
newline.
If you want to access Mopidy's web server from a different web server, you If you want to access Mopidy's web server from a different web server, you
will need to add an entry for that server in this list. will need to add an entry for that server in this list.

8
mopidy/http/handlers.py
View File

@ -26,6 +26,7 @@ def make_mopidy_app_factory(apps, statics):
return [ return [
(r'/ws/?', WebSocketHandler, { (r'/ws/?', WebSocketHandler, {
'core': core, 'core': core,
'allowed_origins': allowed_origins,
}), }),
(r'/rpc', JsonRpcHandler, { (r'/rpc', JsonRpcHandler, {
'core': core, 'core': core,
@ -101,8 +102,9 @@ class WebSocketHandler(tornado.websocket.WebSocketHandler):
# One callback per client to keep time we hold up the loop short # One callback per client to keep time we hold up the loop short
loop.add_callback(functools.partial(_send_broadcast, client, msg)) loop.add_callback(functools.partial(_send_broadcast, client, msg))
def initialize(self, core): def initialize(self, core, allowed_origins):
self.jsonrpc = make_jsonrpc_wrapper(core) self.jsonrpc = make_jsonrpc_wrapper(core)
self.allowed_origins = allowed_origins
def open(self): def open(self):
self.set_nodelay(True) self.set_nodelay(True)
@ -137,9 +139,7 @@ class WebSocketHandler(tornado.websocket.WebSocketHandler):
self.close() self.close()
def check_origin(self, origin): def check_origin(self, origin):
# Allow cross-origin WebSocket connections, like Tornado before 4.0 return check_origin(origin, self.request.headers, self.allowed_origins)
# defaulted to.
return True
def set_mopidy_headers(request_handler): def set_mopidy_headers(request_handler):

4
tests/http/test_handlers.py
View File

@ -46,7 +46,9 @@ class WebSocketHandlerTest(tornado.testing.AsyncHTTPTestCase):
def get_app(self): def get_app(self):
self.core = mock.Mock() self.core = mock.Mock()
return tornado.web.Application([ return tornado.web.Application([
(r'/ws/?', handlers.WebSocketHandler, {'core': self.core}) (r'/ws/?', handlers.WebSocketHandler, {
'core': self.core, 'allowed_origins': []
})
]) ])
def connection(self): def connection(self):