reject ws:// connections w/ origin mismatches

see: https://github.com/ansible/tower/issues/2647
Ryan Petrello 2018-07-23 21:19:06 -04:00
parent 4c023d21af
commit e7279f2fe2


@ -3,7 +3,9 @@ import logging
from channels import Group
from channels.auth import channel_session_user_from_http, channel_session_user
from channels.exceptions import DenyConnection
from django.conf import settings
from django.core.serializers.json import DjangoJSONEncoder
@ -18,6 +20,10 @@ def discard_groups(message):
@channel_session_user_from_http
def ws_connect(message):
origin = dict(message.content.get('headers', {})).get('origin')
if settings.DEBUG is False and origin != settings.TOWER_URL_BASE:
logger.error("ws:// origin header mismatch {} != {}".format(origin, settings.TOWER_URL_BASE))
raise DenyConnection()
message.reply_channel.send({"accept": True})
message.content['method'] = 'FAKE'
if message.user.is_authenticated():
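Review bot: The origin check added to `ws_connect` is gated on `settings.DEBUG is False`, an identity test, so any other falsy value of DEBUG (`0`, `None`, an empty string from an override) silently skips the check; `if not settings.DEBUG and origin != settings.TOWER_URL_BASE:` fails closed instead. The comparison is an exact string match, and a browser's Origin header carries only scheme, host and port, so a `TOWER_URL_BASE` configured with a trailing slash or path would presumably deny every browser connection; comparing the parsed scheme, host and port of both values would be more robust. The logged `origin` is client-supplied, so passing it as a lazy logger argument formatted with `%r` keeps unexpected bytes out of the log line. The body of `ws_connect` continues past the end of this hunk, so the authenticated branch was not reviewed.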