How to set WSS (Secure WebSockets) on Tornado?
In their docstring, they say the following:
WebSocketHandler.get_websocket_scheme can be used to select the appropriate url scheme (ws:// or wss://) in cases where HTTPRequest.protocol is not set correctly.
So, how can I use get_websocket_scheme and/or HTTPRequest.protocol to get the WSS to work on Tornado?
You should strongly prefer the secure wss:// protocol over the insecure ws:// transport. Like HTTPS, WSS (WebSockets over SSL/TLS) is encrypted, thus protecting against man-in-the-middle attacks. A variety of attacks against WebSockets become impossible if the transport is secured.
If you map the handler above to /websocket in your application, you can invoke it in JavaScript with:
var ws = new WebSocket("ws://localhost:8888/websocket");
ws.onopen = function() { ws.send("Hello, world"); };
ws.
You can't use WebSockets over HTTPS, but you can use WebSockets over TLS (HTTPS is HTTP over TLS). Just use "wss://" in the URI.
wss is secure only because it means "WebSocket protocol over https". WebSocket protocol itself is not secure. There is no Secure WebSocket protocol, but there are just "WebSocket protocol over http" and "WebSocket protocol over https". See also this answer.
I got it :))
Just add this to your application:
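import tornado.httpserver

# Passing ssl_options makes Tornado serve TLS, so the handlers are reachable via https:// and wss://
http_server = tornado.httpserver.HTTPServer(application, ssl_options={
    "certfile": "cert.cer",
    "keyfile": "key.key",
})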
This will solve the problem. It is very similar to regular HTTPS. I would also appreciate any other way to make it work.
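A fuller version of the setup in the answer above, as an added example that is not part of the original answer or of Tornado itself: it passes an ssl.SSLContext with a TLS 1.2 floor as ssl_options instead of the dict, and reports the scheme derived from request.protocol. The helper names, the echo handler and port 8443 are assumptions; the /websocket route and the certificate file names come from the page.

```python
import ssl


def build_tls_context(certfile=None, keyfile=None):
    """Server-side TLS context; HTTPServer accepts it as ssl_options."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def websocket_scheme(request_protocol):
    """Hypothetical helper: https maps to wss, anything else to ws."""
    return "wss" if request_protocol == "https" else "ws"


def make_app():
    # Imported here so the helpers above work without Tornado installed.
    import tornado.web
    import tornado.websocket

    class EchoHandler(tornado.websocket.WebSocketHandler):
        def open(self):
            # request.protocol is "https" when the connection arrived over TLS.
            url = "%s://%s%s" % (websocket_scheme(self.request.protocol),
                                 self.request.host, self.request.path)
            self.write_message("connected via " + url)

        def on_message(self, message):
            self.write_message(message)

    return tornado.web.Application([(r"/websocket", EchoHandler)])


def main():
    import tornado.httpserver
    import tornado.ioloop

    ctx = build_tls_context("cert.cer", "key.key")  # file names from the answer
    server = tornado.httpserver.HTTPServer(make_app(), ssl_options=ctx)
    server.listen(8443)  # assumed port
    tornado.ioloop.IOLoop.current().start()


if __name__ == "__main__":
    main()
```

With this running, the client URL becomes wss://localhost:8443/websocket; a plain ws:// connection to the same port fails the TLS handshake.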