Validate WebSocket origin. Returns error message or None if valid.
(
self, origin: str | None, host: str | None, allowed_origins: list
)
| 491 | return None |
| 492 | |
| 493 | def _validate_ws_origin( |
| 494 | self, origin: str | None, host: str | None, allowed_origins: list |
| 495 | ) -> str | None: |
| 496 | """Validate WebSocket origin. Returns error message or None if valid.""" |
| 497 | if not origin: |
| 498 | return "Origin header required" |
| 499 | if origin in allowed_origins: |
| 500 | return None # Explicitly allowed |
| 501 | if not host: |
| 502 | return "Origin not allowed" |
| 503 | # Check same-origin |
| 504 | origin_host = urlparse(origin).netloc |
| 505 | if origin_host != host: |
| 506 | return "Origin not allowed" |
| 507 | return None |
| 508 | |
| 509 | def serve_websocket_callback(self, dash_app: "Dash"): |
| 510 | """Set up the WebSocket endpoint for callback handling. |