
Improve CORS origin validation and enhance callback handling #21

Open
stefanogermano wants to merge 4 commits into master from develop

stefanogermano commented Mar 21, 2026

Several core components refined:

  1. CORS Origin Validation – The check_origin method in ese_websocket.py now normalises hostnames (by converting to lowercase and removing trailing dots) before comparing them to the list in the configuration. This prevents false negatives caused by case sensitivity or accidental trailing periods.
  2. Callback Handling Enhancements – The callback routine in ese_websocket.py has been rewritten to:
    • Safely truncate solver output or error strings that exceed the configured maximum length.
    • Correctly manage the IOLoop, ensuring messages are written only after the WebSocket connection is fully open.
    • Consolidate import statements and improve the file layout.
  3. A minor comment has been added to ese_utils.py as a reminder for future JSON schema validation of incoming messages.

Overall, this pull request makes the WebSocket service more robust against invalid origins, resolves the event loop error, improves user feedback when responses are too long, and tidies the codebase for easier maintenance.

dependabot bot and others added 3 commits March 21, 2026 17:13
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Improve origin validation in ESEWebSocket.check_origin: parse and normalize hostnames (lowercase, strip trailing dots) when comparing against ec.cors_origins and guard the logic with a try/except that returns False on parse errors to avoid exceptions from malformed origins.
Also add a FIXME comment to validate incoming JSON against a schema before processing, as a reminder to add structural validation later.
…ctions/checkout-6

Bump actions/checkout from 4 to 6
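
An added example, not the project's code: a stand-alone sketch of the hostname normalisation and fail-closed parsing that the pull request description and the `check_origin` commit message describe. The names `normalise_host`, `origin_allowed`, `ALLOWED_HOSTS` and the sample origins are hypothetical, and it assumes the entries of `ec.cors_origins` are bare hostnames.

```python
from urllib.parse import urlsplit


def normalise_host(host):
    """Lowercase a hostname and drop trailing dots (the DNS root label)."""
    return host.strip().lower().rstrip(".")


def origin_allowed(origin, allowed_hosts):
    """Return True only when the Origin's host is in allowed_hosts.

    Fails closed: any origin that cannot be parsed is rejected.
    """
    try:
        parts = urlsplit(origin)
        _ = parts.port  # raises ValueError on a non-numeric or out-of-range port
        # .hostname drops userinfo and port; it is None when there is no host
        host = normalise_host(parts.hostname or "")
        if not host:
            return False
        # Exact match on the whole host, never a prefix or suffix comparison
        allowed = {normalise_host(h) for h in allowed_hosts}
        return host in allowed
    except (ValueError, TypeError, AttributeError):
        return False


# Constructed sample data (assumption: config entries are bare hostnames).
ALLOWED_HOSTS = ["App.Example.org", "localhost"]
SAMPLE_ORIGINS = [
    "https://APP.example.ORG.",           # case and trailing dot differ
    "http://localhost:8080",              # port is ignored for the host match
    "https://app.example.org.evil.test",  # allowed name used as a prefix
    "https://app.example.org@evil.test",  # allowed name used as userinfo
    "https://app.example.org:99999",      # port out of range
    "http://[::1",                        # malformed IPv6 literal
    "null",                               # opaque origin, no host
]

if __name__ == "__main__":
    for sample in SAMPLE_ORIGINS:
        verdict = "allow" if origin_allowed(sample, ALLOWED_HOSTS) else "deny"
        print(f"{verdict:5}  {sample}")
```
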