If a trusted IP address is passed as the origin then it is safe to assume that CORS access to this origin should be granted, but only if CORS is enabled by specifying at least one cors domain.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
A user may unintentionally allow access to dangerous domains if they place a wildcard in the top level domain portion of an entry. Raise a config error when this condition is detected.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Tornado clears the headers when an error is detected, "set_default_headers" must be overrridden so that errors are properly returned.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Rather than allow all origins as was the default with "enable_cors", users may not specify the domains allowed. If "*" is specified, all domains are allowed.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Some requests, such "printer/objects/subscribe", require a websocket
for asynchronous updates. Clients may now specify a "connection_id"
in the form data that identifies an associated websocket.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
There is no need to pass the auth, server, or websocket manager objects to request handlers. They can be retreived directly from the application reference.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Arksine