6e9ed9e8a9
check_origin() still ensures the Origin header is set but now only blocks when missing from the allowed list *if* a network location was extracted from the header. This prevents websocket connections originating from local files (common in Apache Cordova apps such as Mopidy-Mobile) from being blocked; these files don't really have a sensible value for Origin so the client browser sets the header to something like 'file://' or 'null'. Also added some tests for check_origin(). |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_events.py | ||
| test_handlers.py | ||
| test_server.py | ||