Https Share

This script allows you to securely share files over HTTPS. (You can get the full source on GitHub).

You simply start the script using the following:

python3 -a magic-access-token_fj9efd3c -p 4443

Now, you need the magic token in order to access the files. If you access the https URL without setting the magic token first, you will get a '401 Unauthorized'.


You can set the token in the UI and click submit, or just send friends a link to the '/set_token/' URL:


Obviously replace the magic token by the same one you used when starting the application. This token will be saved as a cookie and now you can now access the files!

The use-case for this script is to share files between computers without risking having someone unauthorized getting access. It uses TLS so all the traffic will be encrypted.


There is also support for in-browser upload:


How It Works

The access model is very simple. It simply maps the /set_cookie/.* regex-url to a function which asks the browser to set the cookie to the content of the url.

    if'^/set_cookie/.*', self.path):

The function then set the cookie through the browser:

    def handleSetToken(httpHanlder):

        tokenV = httpHanlder.path.split("/")[-1]

        httpHanlder.send_header('Set-Cookie', 'accessToken=%s;Path=/; HttpOnly' % tokenV)


You can now access any resource given that the browser returns the magic cookie:

    def isAuthorized(httpHanlder):
            tokenV = ''
            cookies = httpHanlder.headers.get('Cookie')
            if cookies:
                tokenV = cookies.split('accessToken=')[1]

            if tokenV ==['access_token']:
                return True

            return False

Downloading a file through HTTPS is trivial when using the python base class. You first map URLs to functions:

    def functorFromUrl(url):

        hDict = {}
        hDict[r'^/$'] = handleMain
        hDict[r'^/files/.*'] = handleUrlListFiles

        for k, v in hDict.items():
            if, url):
                return v

        return None

... and then in 'handleUrlListFiles' you just read and return the files:

def handleUrlListFiles(httpHanlder):


    elif os.path.isfile(queryPath):

        filename = os.path.split(queryPath)[1]

        httpHanlder.send_header('Content-disposition','attachment; filename=%s' % filename)

        fh = open(queryPath, 'rb')
        fileBytes =



The "httpHanlder.send_header('Content-disposition','attachment; filename=%s' % filename)" line just tells your browser that the resource is a file so that it starts a download dialog.

Open Issue(s)