decorator: Clean up ugly validation comment.

2017-08-15 10:55:32 -07:00 · 2017-08-15 10:55:32 -07:00 · 93aa28ed08
parent 5a63ea0170
commit 93aa28ed08
1 changed files with 2 additions and 1 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@ -213,8 +213,9 @@ def validate_account_and_subdomain(request, user_profile):
    if user_profile.realm.deactivated:
        raise JsonableError(_("Realm for account has been deactivated"))

+    # Either the subdomain matches, or we're accessing Tornado from
+    # and to localhost (aka spoofing a request as the user).
    if (not check_subdomain(get_subdomain(request), user_profile.realm.subdomain) and
-        # Allow access to localhost for Tornado
        not (settings.RUNNING_INSIDE_TORNADO and
             request.META["SERVER_NAME"] == "127.0.0.1" and
             request.META["REMOTE_ADDR"] == "127.0.0.1")):