Force SSL on your Flask app.

Related tags

Flaskflask-sslify
Overview

Flask-SSLify

This is a simple Flask extension that configures your Flask application to redirect all incoming requests to HTTPS.

The extension is no longer maintained, prefer using Flask-Talisman as it is encouraged by the Flask Security Guide.

If you're interested in financially supporting Kenneth Reitz open source, consider visiting this link. Your support helps tremendously with sustainability of motivation, as Open Source is no longer part of my day job.

Redirects only occur when app.debug is False.

Usage

Usage is pretty simple:

from flask import Flask
from flask_sslify import SSLify

app = Flask(__name__)
sslify = SSLify(app)

If you make an HTTP request, it will automatically redirect:

$ curl -I http://secure-samurai.herokuapp.com/
HTTP/1.1 302 FOUND
Content-length: 281
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Apr 2012 21:39:36 GMT
Location: https://secure-samurai.herokuapp.com/
Server: gunicorn/0.14.2
Strict-Transport-Security: max-age=31536000
Connection: keep-alive

HTTP Strict Transport Security

Flask-SSLify also provides your application with an HSTS policy.

By default, HSTS is set for one year (31536000 seconds).

You can change the duration by passing the age parameter:

sslify = SSLify(app, age=300)

If you'd like to include subdomains in your HSTS policy, set the subdomains parameter:

sslify = SSLify(app, subdomains=True)

Or by including SSLIFY_SUBDOMAINS in your app's config.

HTTP 301 Redirects

By default, the redirect is issued with a HTTP 302 response. You can change that to a HTTP 301 response by passing the permanent parameter:

sslify = SSLify(app, permanent=True)

Or by including SSLIFY_PERMANENT in your app's config.

Exclude Certain Paths from Being Redirected

You can exlude a path that starts with given string by including a list called skips:

sslify = SSLify(app, skips=['mypath', 'anotherpath'])

Or by including SSLIFY_SKIPS in your app's config.

Install

Installation is simple too:

$ pip install Flask-SSLify

Security consideration using basic auth

When using basic auth, it is important that the redirect occurs before the user is prompted for credentials. Flask-SSLify registers a before_request handler, to make sure this handler gets executed before credentials are entered it is advisable to not prompt for any authentication inside a before_request handler.

The example found at http://flask.pocoo.org/snippets/8/ works nicely, as the view function's decorator will never have an effect before the before_request hooks are executed.

Owner
Kenneth Reitz
Software Engineer focused on abstractions, reducing cognitive overhead, and Design for Humans.
Kenneth Reitz
Heroku Flask Setup

Heroku Flask Setup

Abhimanyu Haralukallu 0 Dec 07, 2021
SQLAlchemy database migrations for Flask applications using Alembic

Flask-Migrate Flask-Migrate is an extension that handles SQLAlchemy database migrations for Flask applications using Alembic. The database operations

Miguel Grinberg 2.2k Dec 28, 2022
Another redis monitor by using flask, angular, socket.io

RedisPAPA we use redis info to monitor the redis usage. PAPA means a father who is monitoring the redis. accoding to the redis doc, it is be recommand

no13bus 393 Dec 30, 2022
A live chat built with python(flask + gevent + apscheduler) + redis

a live chat room built with python(flask / gevent / apscheduler) + redis Basic Architecture Screenshot Install cd /path/to/source python bootstrap.py

Limboy 309 Nov 13, 2022
A simple barcode and QR code generator built in Python with Flask.

✨ Komi - Barcode & QR Generator ✨ A simple barcode and QR code generator built in Python with Flask. 📑 Table of Contents Usage Installation Contribut

Bonnie Fave 2 Nov 04, 2021
SqlAlchemy Flask-Restful Swagger Json:API OpenAPI

SAFRS: Python OpenAPI & JSON:API Framework Overview Installation JSON:API Interface Resource Objects Relationships Methods Custom Methods Class Method

Thomas Pollet 365 Jan 06, 2023
A clean and simple blog system based on Flask and MongoDB

CleanBlog A clean and simple blog system based on Flask and MongoDB You can access CleanBlog This is the source code of Flask Tutorial Pro,you can buy

shin 107 Oct 06, 2022
A multi-container docker application. Implemented and dockerized a web-based service leveraging Flask

Flask-based-web-service-with-Docker-compose A multi-container docker application. Implemented and dockerized a web-based service leveraging Flask. Des

Jayshree Rathi 1 Jan 15, 2022
This is a small notes web app, with python and flask microframework. Using sqlite3

Python Notes App. This is a small web application maked with flask-python for add notes easily and quickly. Dependencies. You can create a virtual env

Eduard 1 Dec 26, 2021
Flask-Discord-Bot-Dashboard - A simple discord Bot dashboard created in Flask Python

Flask-Discord-Bot-Dashboard A simple discord Bot dashboard created in Flask Pyth

Ethan 8 Dec 22, 2022
SQL Alchemy dialect for Neo4j

SQL Alchemy dialect for Neo4j This package provides the SQL dialect for Neo4j, using the official JDBC driver (the Neo4j "BI Connector" ) Installation

Beni Ben zikry 8 Jan 02, 2023
OpenTracing instrumentation for the Flask microframework

Flask-OpenTracing This package enables distributed tracing in Flask applications via The OpenTracing Project. Once a production system contends with r

3rd-Party OpenTracing API Contributions 133 Dec 19, 2022
Rubik's cube assistant on Flask webapp

webcube Rubik's cube assistant on Flask webapp. This webapp accepts the six faces of your cube and gives you the voice instructions as a response. Req

Yash Indane 56 Nov 22, 2022
Find and notify users in your Active Directory with weak passwords

Crack-O-Matic Find and notify users in your Active Directory with weak passwords. Features: Linux-based Flask-based web app Hashcat or John cracker Au

Adrian Vollmer 92 Dec 31, 2022
REST API with Flask and SQLAlchemy. I would rather not use it anymore.

Flask REST API Python 3.9.7 The Flask experience, without data persistence :D First, to install all dependencies: python -m pip install -r requirement

Luis Quiñones Requelme 1 Dec 15, 2021
A service made with Flask and Python to help you find the weather of your favorite cities.

Weather-App A service made with Flask and Python to help you find the weather of your favorite cities. Features Backend using Flask and Jinja Weather

Cauã Rinaldi 1 Nov 17, 2022
With Flask. Everything in a JSON.

Little Library REST API py 3.10 The only one requeriment it's to have Flask installed. To run this, in ./src/(if you're in PS): $env:FLASK_APP="app

Luis Quiñones Requelme 1 Dec 15, 2021
Flask-redmail - Email sending for Flask

Flask Red Mail: Email Sending for Flask Flask extension for Red Mail What is it?

Mikael Koli 11 Sep 23, 2022
Seamlessly serve your static assets of your Flask app from Amazon S3

flask-s3 Seamlessly serve the static assets of your Flask app from Amazon S3. Maintainers Flask-S3 is maintained by @e-dard, @eriktaubeneck and @SunDw

Edd Robinson 188 Aug 24, 2022
Sample Dockerized flask app deployed on Kubernetes on Azure using AKS

Sample Dockerized flask app deployed on Kubernetes on Azure using AKS

Ahmed khémiri 22 Sep 08, 2021