<p>请加上</p>
<pre><code>def check_origin(self, origin):
return True
</code></pre>
<p>类中的MyHandler如下</p>
<pre><code>class MyHandler(tornado.websocket.WebSocketHandler):
def check_origin(self, origin):
return True
def open(self):
print "connection opened"
self.write_message("connection opened")
def on_close(self):
print "connection closed"
def on_message(self,message):
print "Message received: {}".format(message)
self.write_message("message received")
</code></pre>
<p>从文档中:</p>
<blockquote>
<p>By default, [<em>check_origin</em>] rejects all requests with an origin on a host other than
this one.</p>
<p>This is a security protection against cross site scripting attacks on
browsers, since WebSockets are allowed to bypass the usual same-origin
policies and don’t use CORS headers.</p>
</blockquote>
<p>再说一遍:</p>
<blockquote>
<p><strong>This is an important security measure; don’t disable it without
understanding the security implications. In particular, if your
authentication is cookie-based, you must either restrict the origins
allowed by check_origin() or implement your own XSRF-like protection
for websocket connections. See <a href="https://devcenter.heroku.com/articles/websocket-security" rel="noreferrer">these articles</a> for more.</strong></p>
</blockquote>
<p><a href="http://www.tornadoweb.org/en/stable/websocket.html#configuration" rel="noreferrer">Link</a>。</p>
