Looking at the code, you're not actually doing anything with websockets here. There's no handshake parsing, there's no open socket object to pass data back and forth on, there's nothing actually websockety about this.
Instead, you seem to have a simple ajax endpoint.
Or am I missing something?
[EDIT] Clarifying why I said it's not that easy, since that seems snarky as I read it again. To properly do websockets in Django, you have to write your own runserver, which allows processes up the stack to capture the raw socket, perform the websocket handshake methods, and do proper parsing of the incoming data to break the messages on the sentinel values.
I recently tried to do this, and the one package that did this wouldn't work with Django 1.6, and we would have to give up our flup runfcgi, which I wasn't ready to do.
So from django's point of view there are stateless JSON requests and responses, so django's happy. The python proxy code is a lightweight wrapper that doesn't have to understand any business logic, so that's pretty straightforward as well.
What are the advantages of this over normal AJAX requests, given that it's all using the single request, single response mode of operation (and you can compress/cache AJAX requests/responses, which websockets doesn't support yet).
1) can you describe the tornado part of the system? The blog post isn't really clear on that.
2) how do you associate websocket sessions with browser sessions?
3) how do you handle server-to-client notifications? ie. a celery task completes and you want to notify the client.
4) Is XSS a concern?
Firewalls don't typically care, since it's effectively a long lived HTTP request, unless it digs into all of the packets and filters there.
