🚀 What’s New
This release introduces explicit, secure support for broadcasting from other machines, while keeping safe defaults.
✨ Configurable broadcast_allowed_hosts
The SocketAPI constructor now exposes a new parameter:
broadcast_allowed_hostsBy default, broadcasting endpoints still accept only localhost connections for security.
With v0.2.0 you can explicitly allow external machines to broadcast messages by whitelisting their IPs or hostnames.
app = SocketAPI(
host="0.0.0.0",
port=8000,
broadcast_allowed_hosts=("127.0.0.1", "::1", "localhost", "192.168.1.50")
)This makes cross-process and cross-machine broadcasting intentional, explicit, and secure.
📘 Improved Documentation
The Channels documentation now includes a dedicated section:
“Broadcasting from a Different Machine”, explaining:
- default localhost-only behavior
- how and when to enable external hosts
- recommended security practices
This closes the loop between the security change introduced earlier and real-world deployment needs.
🎯 Why This Matters
SocketAPI can now be safely used with:
- 🧵 Background workers on separate servers
- 🔁 Existing infrastructure and legacy systems
- 🔔 External services triggering real-time updates
- 🏗️ Distributed architectures
All without sacrificing secure defaults.
📦 Version
- v0.2.0
Upgrade:
pip install -U socketapi🔗 Links
- GitHub: https://github.com/SpaceShaman/socketapi
- Documentation: https://spaceshaman.github.io/socketapi/
- Issues: https://github.com/SpaceShaman/socketapi/issues
This release is backward-compatible and strictly opt-in for external broadcasting.
Full Changelog: v0.1.2...v0.2.0