WebSocket overrides check_origin for reverse proxy configuration (#6845)

This commit is contained in:
Gábor Poczkodi 2024-06-12 03:19:18 +02:00 committed by GitHub
parent 7b9fb57bb2
commit 4bf7c97088
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -17,6 +17,7 @@ import time
from collections.abc import Iterable from collections.abc import Iterable
from pathlib import Path from pathlib import Path
from typing import TYPE_CHECKING, Any, Callable, TypeVar from typing import TYPE_CHECKING, Any, Callable, TypeVar
from urllib.parse import urlparse
import tornado import tornado
import tornado.concurrent import tornado.concurrent
@ -166,6 +167,18 @@ class EsphomeCommandWebSocket(tornado.websocket.WebSocketHandler):
# use Popen() with a reading thread instead # use Popen() with a reading thread instead
self._use_popen = os.name == "nt" self._use_popen = os.name == "nt"
def check_origin(self, origin):
if "ESPHOME_TRUSTED_DOMAINS" not in os.environ:
return super().check_origin(origin)
trusted_domains = [
s.strip() for s in os.environ["ESPHOME_TRUSTED_DOMAINS"].split(",")
]
url = urlparse(origin)
if url.hostname in trusted_domains:
return True
_LOGGER.info("check_origin %s, domain is not trusted", origin)
return False
def open(self, *args: str, **kwargs: str) -> None: def open(self, *args: str, **kwargs: str) -> None:
"""Handle new WebSocket connection.""" """Handle new WebSocket connection."""
# Ensure messages from the subprocess are sent immediately # Ensure messages from the subprocess are sent immediately