def same_origin(self):
"""Check to see that origin and host match in the headers."""
- origin_header = self.request.headers.get("Origin")
+
+ # The difference between version 8 and 13 is that in 8 the
+ # client sends a "Sec-Websocket-Origin" header and in 13 it's
+ # simply "Origin".
+ if self.request.headers.get("Sec-WebSocket-Version") in ("7", "8"):
+ origin_header = self.request.headers.get("Sec-Websocket-Origin")
+ else:
+ origin_header = self.request.headers.get("Origin")
+
host = self.request.headers.get("Host")
# If no header is provided, assume we can't verify origin
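Review bot: The new comment above the version check names only version 8, but the condition on the next line also matches "7", so a reader cannot tell whether draft 7 is handled on purpose; I would reword it to `# Drafts 7 and 8 send the origin in "Sec-WebSocket-Origin"; version 13 uses plain "Origin".` Both `Sec-WebSocket-Version` and the origin header are supplied by the client, so a second comment line is worth adding, e.g. `# Both headers are client-supplied: this guards against cross-site browser connections, it is not authentication.` The header is spelled `Sec-Websocket-Origin` here and `Sec-WebSocket-Version` one line up; that is harmless if the headers object is case-insensitive (presumably it is), but consistent casing would read better. The body of same_origin continues outside the hunk, so the comparison against Host is not visible here.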