webserver

This Websocket server serves as the webserver for the client browser

class webserver.Application: Bases: Application

class webserver.BaseHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)

Bases: RequestHandler

get_current_user()

Override to determine the current user from, e.g., a cookie.

This method may not be a coroutine.

class webserver.LoginHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)

Bases: BaseHandler

get()

post()

class webserver.LogoutHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)

Bases: BaseHandler

get()

on_close()

class webserver.MainHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)

Bases: BaseHandler

get()

class webserver.ProxyWebSocketHandler(application: Application, request: HTTPServerRequest, **kwargs: Any)

Bases: WebSocketHandler

check_origin(origin)

Override to enable support for allowing alternate origins.

The origin argument is the value of the Origin HTTP header, the url responsible for initiating this request. This method is not called for clients that do not send this header; such requests are always allowed (because all browsers that implement WebSockets support this header, and non-browser clients do not have the same cross-site security concerns).

Should return True to accept the request or False to reject it. By default, rejects all requests with an origin on a host other than this one.

This is a security protection against cross site scripting attacks on browsers, since WebSockets are allowed to bypass the usual same-origin policies and don’t use CORS headers.

Warning

This is an important security measure; don’t disable it without understanding the security implications. In particular, if your authentication is cookie-based, you must either restrict the origins allowed by check_origin() or implement your own XSRF-like protection for websocket connections. See these articles for more.

To accept all cross-origin traffic (which was the default prior to Tornado 4.0), simply override this method to always return True:

def check_origin(self, origin):
    return True

To allow connections from any subdomain of your site, you might do something like:

def check_origin(self, origin):
    parsed_origin = urllib.parse.urlparse(origin)
    return parsed_origin.netloc.endswith(".mydomain.com")

Added in version 4.0.

on_message(message)

Handle incoming messages on the WebSocket

This method must be overridden.

Changed in version 4.5: on_message can be a coroutine.

open()

Invoked when a new WebSocket is opened.

The arguments to open are extracted from the tornado.web.URLSpec regular expression, just like the arguments to tornado.web.RequestHandler.get.

open may be a coroutine. on_message will not be called until open has returned.

Changed in version 5.1: open may be a coroutine.

webserver.main()