From: Kyle Kelley
Date: Tue, 28 Jan 2014 03:22:59 +0000 (-0700)
Subject: Move nil origin check out to execute
X-Git-Tag: v4.0.0b1~35^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47a8530157f059869360c4ce32a029f8b1132f9b;p=thirdparty%2Ftornado.git
Move nil origin check out to execute
---
diff --git a/tornado/websocket.py b/tornado/websocket.py
index 1ba905b71..94164de56 100644
--- a/tornado/websocket.py
+++ b/tornado/websocket.py
@@ -164,9 +164,13 @@ class WebSocketHandler(tornado.web.RequestHandler):
 origin = parsed_origin.netloc
 origin = origin.lower()
+ # When origin is None, assume it didn't come from a browser and we can
+ # pass it on
+ if origin is None:
+ pass
 # If there was an origin header, check to make sure it matches
 # according to check_origin
- if not self.check_origin(origin):
+ elif origin and not self.check_origin(origin):
 self.stream.write(tornado.escape.utf8( "HTTP/1.1 403 Cross Origin Websockets Disabled\r\n\r\n" ))
@@ -290,15 +294,7 @@ class WebSocketHandler(tornado.web.RequestHandler):
 This is a security protection against cross site scripting attacks on browsers, since WebSockets don't have CORS headers.
-
- >>> self.check_origin(origin='localhost')
- True
-
 """
- # When origin is None, assume it didn't come from a browser and we can
- # pass it on
- if origin is None:
- return True
 host = self.request.headers.get("Host")
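Review bot: The `origin and` guard in the new `elif` of the first hunk lets an empty-string origin skip `check_origin` altogether, not just a missing header. `origin` is assigned from `parsed_origin.netloc` just above, and (assuming `parsed_origin` comes from `urlparse`) an Origin value with no authority part, such as the `null` that browsers send from opaque or sandboxed contexts, yields `''`. Before this change that value was passed to `check_origin` and presumably failed the Host comparison; now the handshake is accepted without any check. Only an absent header should bypass the check, e.g. `if origin is not None and not self.check_origin(origin):`, which also removes the empty `pass` branch. The enclosing method starts and ends outside the hunk, so how `origin` is initialised is inferred.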