在龙卷风v4 +下，WebSocket连接被403拒绝 [英] Under tornado v4+ WebSocket connections get refused with 403

问题描述

我有一台较旧的龙卷风服务器，可以处理普通的WebSocket连接.我通过Nginx将这些连接从wss://info.mydomain.com代理到wss://mydomain.com:8080，以解决阻塞非标准端口的客户代理的问题.

I have an older tornado server that handles vanilla WebSocket connections. I proxy these connections, via Nginx, from wss://info.mydomain.com to wss://mydomain.com:8080 in order to get around customer proxies that block non standard ports.

最近升级到Tornado 4.0后，所有连接都被403拒绝.什么原因导致了这个问题，我该如何解决?

After the recent upgrade to Tornado 4.0 all connections get refused with a 403. What is causing this problem and how can I fix it?

推荐答案

Tornado 4.0引入了默认情况下的相同来源检查.这将检查浏览器设置的源标头是否与主机标头相同

Tornado 4.0 introduced an, on by default, same origin check. This checks that the origin header set by the browser is the same as the host header

代码如下:

 def check_origin(self, origin):
    """Override to enable support for allowing alternate origins.

    The ``origin`` argument is the value of the ``Origin`` HTTP header,
    the url responsible for initiating this request.

    .. versionadded:: 4.0
    """
    parsed_origin = urlparse(origin)
    origin = parsed_origin.netloc
    origin = origin.lower()

    host = self.request.headers.get("Host")

    # Check to see that origin matches host directly, including ports
    return origin == host

为了使代理的Websocket连接仍能正常工作，您将需要覆盖WebSocketHandler上的检查源并将白名单中的内容列入您的关注范围.这样的事情.

In order for your proxied websocket connection to still work you will need to override check origin on the WebSocketHandler and whitelist the domains that you care about. Something like this.

import re
from tornado import websocket

class YouConnection(websocket.WebSocketHandler):

    def check_origin(self, origin):
        return bool(re.match(r'^.*?\.mydomain\.com', origin))

这将使从info.mydomain.com进入的连接像以前一样通过.

This will let the connections coming through from info.mydomain.com to get through as before.

这篇关于在龙卷风v4 +下，WebSocket连接被403拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！