New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Websocket connections fail with 403 error #788

fatg3erman opened this Issue Jul 24, 2014 · 4 comments


4 participants

fatg3erman commented Jul 24, 2014

Since I upgraded to mopidy 0.19 my web client can no longer connect. I'm getting 403 errors in the browser console (Access Forbidden)

WebSocket connection to 'ws://localhost:6680/mopidy/ws/' failed: Error during WebSocket handshake: Unexpected response code: 403              mopidy.js:2437

This appears to be due to tornado doing a same-origin check, see here:

I'm running on OSX with everything installed from homebrew, but I've had a user log this as a bug on a Linux installation too.

INFO     2014-07-24 17:30:06,549 [35665:HttpServer] tornado.access
  304 GET /mopidy/mopidy.js ( 0.85ms
WARNING  2014-07-24 17:30:08,857 [35665:HttpServer] tornado.access
  403 GET /mopidy/ws/ ( 1.09ms
WARNING  2014-07-24 17:30:09,878 [35665:HttpServer] tornado.access
  403 GET /mopidy/ws/ ( 0.92ms
WARNING  2014-07-24 17:30:11,886 [35665:HttpServer] tornado.access
  403 GET /mopidy/ws/ ( 0.93ms
WARNING  2014-07-24 17:30:15,890 [35665:HttpServer] tornado.access
  403 GET /mopidy/ws/ ( 0.41ms

My config value for http/hostname is ''

brew info python-tornado
python-tornado: stable 4.0, HEAD
/usr/local/Cellar/python-tornado/4.0 (159 files, 2.8M) *
  Built from source

This comment has been minimized.


adamcik commented Jul 24, 2014

Ah that would also explain why I cant get the API explorer to work. While it didn't fail during testing of the switch to tornado.

Sounds like we should add a setting for the handler and release a new version soon-ish.

@adamcik adamcik added HTTP labels Jul 24, 2014


This comment has been minimized.


jodal commented Jul 24, 2014



This comment has been minimized.


adamcik commented Jul 24, 2014

Alternatively we just update it to a return True for now as it would be identical to the old behavior for now.


This comment has been minimized.

hjjoe1213123 commented Oct 8, 2016

everying is setAllowedOrigins

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment