Allow remote access by default when we're listening on external addresses

takluyver · takluyver · commit fa3abf2209d7 · 2018-06-25T13:53:14.000+02:00
diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py
@@ -15,6 +15,7 @@
 import hmac
 import importlib
 import io
+import ipaddress
 import json
 import logging
 import mimetypes
@@ -833,7 +834,7 @@ def _token_changed(self, change):
         """
     )
 
-    allow_remote_access = Bool(False, config=True,
+    allow_remote_access = Bool(config=True,
        help="""Allow requests where the Host header doesn't point to a local server
 
        By default, requests get a 403 forbidden response if the 'Host' header
@@ -848,6 +849,21 @@ def _token_changed(self, change):
        along with hostnames configured in local_hostnames.
        """)
 
+    @default('allow_remote_access')
+    def _default_allow_remote(self):
+        """Disallow remote access if we're listening only on loopback addresses"""
+        try:
+            addr = ipaddress.ip_address(self.ip)
+        except ValueError:
+            # Address is a hostname
+            for info in socket.getaddrinfo(self.ip, self.port, type=socket.SOCK_STREAM):
+                addr = ipaddress.ip_address(info[4][0])
+                if not addr.is_loopback:
+                    return True
+            return False
+        else:
+            return not addr.is_loopback
+
     local_hostnames = List(Unicode(), ['localhost'], config=True,
        help="""Hostnames to allow as local when allow_remote_access is False.
 
