We are pleased to announce the release of Tornado 1.1, available from

Changes in this release:
* RequestHandler.async_callback and related functions in other classes
  are no longer needed in most cases (although it's harmless to continue
  using them).  Uncaught exceptions will now cause the request to be closed
  even in a callback.  If you're curious how this works, see the new
  tornado.stack_context module.
* The new tornado.testing module contains support for unit testing
  asynchronous IOLoop-based code.
* AsyncHTTPClient has been rewritten (the new implementation was available as
  AsyncHTTPClient2 in Tornado 1.0; both names are supported for backwards
* The tornado.auth module has had a number of updates, including support
  for OAuth 2.0 and the Facebook Graph API, and upgrading Twitter and
  Google support to OAuth 1.0a.
* The websocket module is back and supports the latest version (76) of the
  websocket protocol.  Note that this module's interface is different
  from the websocket module that appeared in pre-1.0 versions of Tornado.
* New method RequestHandler.initialize() can be overridden in subclasses
  to simplify handling arguments from URLSpecs.  The sequence of methods
  called during initialization is documented at
* get_argument() and related methods now work on PUT requests in addition
  to POST.
* The httpclient module now supports HTTP proxies.
* When HTTPServer is run in SSL mode, the SSL handshake is now non-blocking.
* Many smaller bug fixes and documentation updates

Backwards-compatibility notes:
* While most users of Tornado should not have to deal with the stack_context
  module directly, users of worker thread pools and similar constructs may
  need to use stack_context.wrap and/or NullContext to avoid memory leaks.
* The new AsyncHTTPClient still works with libcurl version 7.16.x, but it
  performs better when both libcurl and pycurl are at least version 7.18.2.
* OAuth transactions started under previous versions of the auth module
  cannot be completed under the new module.  This applies only to the
  initial authorization process; once an authorized token is issued that
  token works with either version.

Many thanks to everyone who contributed patches, bug reports, and feedback
that went into this release!



This release fixes a bug with RequestHandler.get_secure_cookie, which would
in some circumstances allow an attacker to tamper with data stored in the


We are pleased to announce the release of Tornado 1.0, available from http://  There have been many changes since version 0.2; here are some of the highlights:

New features:
* Improved support for running other WSGI applications in a Tornado server (tested with Django and CherryPy)
* Improved performance on Mac OS X and BSD (kqueue-based IOLoop), and experimental support for win32
* Rewritten AsyncHTTPClient available as tornado.httpclient.AsyncHTTPClient2 (this will become the default in a future release)
* Support for standard .mo files in addition to .csv in the locale module
* Pre-forking support for running multiple Tornado processes at once (see HTTPServer.start())
* SSL and gzip support in HTTPServer
* reverse_url() function refers to urls from the Application config by name from templates and RequestHandlers
* RequestHandler.on_connection_close() callback is called when the client has closed the connection (subject to limitations of the underlying network stack, any proxies, etc)
* Static files can now be served somewhere other than /static/ via the static_url_prefix application setting
* URL regexes can now use named groups ("(?P<name>)") to pass arguments to get()/post() via keyword instead of position
* HTTP header dictionary-like objects now support multiple values for the same header via the get_all() and add() methods.
* Several new options in the httpclient module, including prepare_curl_callback and header_callback
* Improved logging configuration in tornado.options.
* UIModule.html_body() can be used to return html to be inserted at the end of the document body.

Backwards-incompatible changes:
* RequestHandler.get_error_html() now receives the exception object as a keyword argument if the error was caused by an uncaught exception.
* Secure cookies are now more secure, but incompatible with cookies set by Tornado 0.2.  To read cookies set by older versions of Tornado, pass include_name=False to RequestHandler.get_secure_cookie()
* Parameters passed to RequestHandler.get/post() by extraction from the path now have %-escapes decoded, for consistency with the processing that was already done with other query parameters.

Many thanks to everyone who contributed patches, bug reports, and feedback that went into this release!
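
The secure-cookie note above turns on whether the cookie's name is covered by the signature. The following is an added example, not Tornado's code: a simplified signed-cookie model in which the helper names, cookie layout, HMAC-SHA256 choice and key are all assumptions, and `include_name` is assumed to control whether the name is part of the signed data. It shows why a value signed without its name verifies under any other cookie name.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one


def _mac(fields):
    # Length-prefix every field so the field boundaries are unambiguous.
    h = hmac.new(SECRET, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.hexdigest().encode()


def _signed_fields(name, b64, ts, include_name):
    # include_name=False models a legacy signature over value and timestamp only.
    return ([name.encode()] if include_name else []) + [b64, ts]


def sign_cookie(name, value, include_name=True, now=None):
    ts = str(int(time.time() if now is None else now)).encode()
    b64 = base64.b64encode(value.encode())
    sig = _mac(_signed_fields(name, b64, ts, include_name))
    return b"|".join([b64, ts, sig]).decode()


def read_cookie(name, cookie, include_name=True, max_age=31 * 86400, now=None):
    parts = cookie.encode().split(b"|")
    if len(parts) != 3:
        return None
    b64, ts, sig = parts
    expected = _mac(_signed_fields(name, b64, ts, include_name))
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    now = time.time() if now is None else now
    if int(ts) < now - max_age:  # reject stale cookies
        return None
    return base64.b64decode(b64).decode()


if __name__ == "__main__":
    legacy = sign_cookie("theme", "admin", include_name=False)
    bound = sign_cookie("theme", "admin")
    print(read_cookie("user", legacy, include_name=False))  # accepted under another name
    print(read_cookie("user", bound))  # rejected: the name is part of the MAC
```

When reading old cookies with the name left out of the check, treat the value as valid for any cookie name and re-issue it in the name-bound format once it has been read.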
