tornado 403 GET warning when opening websocket

Please add

def check_origin(self, origin):
    return True

in class MyHandler, like this:

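import tornado.websocket


class MyHandler(tornado.websocket.WebSocketHandler):

    def check_origin(self, origin):
        # Accept the handshake from any origin; this turns off
        # Tornado's default same-host Origin check.
        return True

    def open(self):
        # Called once the WebSocket handshake has completed.
        print("connection opened")
        self.write_message("connection opened")

    def on_close(self):
        print("connection closed")

    def on_message(self, message):
        # Called for every message received from the client.
        print("Message received: {}".format(message))
        self.write_message("message received")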

From the docs:

By default, [check_origin] rejects all requests with an origin on a host other than
this one.

This is a security protection against cross site scripting attacks on
browsers, since WebSockets are allowed to bypass the usual same-origin
policies and don’t use CORS headers.

And again:

This is an important security measure; don’t disable it without
understanding the security implications. In particular, if your
authentication is cookie-based, you must either restrict the origins
allowed by check_origin() or implement your own XSRF-like protection
for websocket connections. See these articles for more.

Link.
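
The documentation quoted above recommends restricting the origins accepted by check_origin() rather than accepting all of them. The following is an added example, not part of the original answer or of Tornado itself: an allowlist check packaged as a mixin. The names ALLOWED_ORIGINS, normalize_origin, origin_allowed and AllowlistOriginMixin, and the origins listed, are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the origins that serve pages opening this socket.
ALLOWED_ORIGINS = {"https://app.example.com", "http://localhost:8888"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return (scheme, host, port) for an Origin value, or None if it is malformed."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "null", empty values and non-HTTP schemes
    # An Origin is scheme://host[:port] only: no userinfo, path, query or fragment.
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return scheme, parts.hostname.lower(), port


def origin_allowed(origin, allowed=ALLOWED_ORIGINS):
    """Exact match on scheme, host and port; no prefix or substring matching."""
    candidate = normalize_origin(origin)
    if candidate is None:
        return False
    return candidate in {normalize_origin(entry) for entry in allowed}


class AllowlistOriginMixin:
    """List ahead of the Tornado base class, for example:
    class MyHandler(AllowlistOriginMixin, tornado.websocket.WebSocketHandler): ...
    """
    allowed_origins = ALLOWED_ORIGINS

    def check_origin(self, origin):
        # Tornado passes the Origin header value here during the handshake;
        # returning False makes it refuse the upgrade with a 403.
        return origin_allowed(origin, self.allowed_origins)
```

Comparing parsed scheme, host and port exactly keeps look-alike hosts and userinfo tricks from passing a check that a startswith() or substring test would let through.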
