Geek Answers Handbook

Python flask redirect to https with http

I have a site assembly using python3.4 and fl ... I created my own self-signed certificate, and now I am testing my site through localhost.

I am using the python ssl module along with this flask extension: https://github.com/kennethreitz/flask-sslify

context = ('my-cert.pem', 'my-key.pem') app = Flask(__name__) sslify = SSLify(app) ... if __name__ == '__main__': app.debug = False app.run( host="127.0.0.1", port=int("5000"), ssl_context=context )

However, this does not seem to work. I took a look at the sslify source code and this line doesn't seem to work

 def init_app(self, app): """Configures the configured Flask app to enforce SSL.""" app.before_request(self.redirect_to_ssl) app.after_request(self.set_hsts_header)

In particular, calling the redirect_to_ssl function (I added my own print statement to the redirect_to_ssl function, and my expression was never printed)

 def redirect_to_ssl(self): print("THIS IS WORKING") """Redirect incoming requests to HTTPS.""" Should we redirect? criteria = [ request.is_secure, current_app.debug, request.headers.get('X-Forwarded-Proto', 'http') == 'https' ] if not any(criteria) and not self.skip: if request.url.startswith('http://'): url = request.url.replace('http://', 'https://', 1) code = 302 if self.permanent: code = 301 r = redirect(url, code=code) return r

I am new to python. Any ideas?

+16
source share
7 answers

It seems to me that you are making this more complicated than necessary. Here is the code that I use in my view.py script to force users to connect to HTTPS connections:

 @app.before_request def before_request(): if request.url.startswith('http://'): url = request.url.replace('http://', 'https://', 1) code = 301 return redirect(url, code=code)
+31
source

According to the documentation , after pip install Flask-SSLify you only need to paste the following code:

 from flask import Flask from flask_sslify import SSLify app = Flask(__name__) sslify = SSLify(app)

I did it and it works very well. Am I missing something in the discussion?

+13
source

The standard solution is to wrap the request with the enforce_ssl decorator which, after checking some flags in the application configuration (flags that you can set depending on your debugging needs), changes the request URL using request.url .

As written here .

You can change the code to work with before_request as suggested by @ kelly-keller-heikkila

+5
source

Thanks to Kelly-Keller-Heikkil's answer and jaysqrd 's comment , I did this in my Flask app:

 from flask import request, redirect ... @app.before_request def before_request(): if not request.is_secure and app.env != "development": url = request.url.replace("http://", "https://", 1) code = 301 return redirect(url, code=code)

I tried the flask_sslify solution proposed by Rodolfo Alvarez, but ran into this problem and used the above solution instead.

Checking app.env allows app.env to run unit tests and local development without https.

+3
source

Flask Security Guide recommends using Flask-Talisman .

 $ pip install flask-talisman

Usage example:

 from flask import Flask from flask_talisman import Talisman app = Flask(__name__) Talisman(app)

By default, it calls HTTPS (from README):

force_https , default True , forces all non-debug connects to https .

Personally, I received several errors related to CSP (Content Security Policy), which I disabled using:

 Talisman(app, content_security_policy=None)

But use this at your own risk :)

+3
source

I use a simple add-on application that runs on port 80 and redirects people to https:

 from flask import Flask,redirect app = Flask(__name__) @app.route('/') def hello(): return redirect("https://example.com", code=302) if __name__ == '__main__': app.run(host='0.0.0.0', port=80)
+1
source

I am using a Python cloud foundry application that is behind a load balancer (as https://stackoverflow.com/users/5270172/kelly-keller-heikkila said). This permission helped me by adding (_external and _Scheme to the url_for function). https://github.com/pallets/flask/issues/773

0
source

More articles:


All Articles