• This repository has been archived on 21/Feb/2019
  • Language
    Python
  • License
    BSD 2-Clause "Sim...
  • Created about 12 years ago
  • Updated over 5 years ago

Force SSL on your Flask app.

Flask-SSLify

This is a simple Flask extension that configures your Flask application to redirect all incoming requests to HTTPS.

The extension is no longer maintained; prefer Flask-Talisman, which is encouraged by the Flask Security Guide.

If you're interested in financially supporting Kenneth Reitz open source, consider visiting this link. Your support helps tremendously with sustainability of motivation, as Open Source is no longer part of my day job.

Redirects only occur when app.debug is False.

Usage

Usage is pretty simple:

from flask import Flask
from flask_sslify import SSLify

app = Flask(__name__)
sslify = SSLify(app)

If you make an HTTP request, it will automatically redirect:

$ curl -I http://secure-samurai.herokuapp.com/
HTTP/1.1 302 FOUND
Content-length: 281
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Apr 2012 21:39:36 GMT
Location: https://secure-samurai.herokuapp.com/
Server: gunicorn/0.14.2
Strict-Transport-Security: max-age=31536000
Connection: keep-alive

HTTP Strict Transport Security

Flask-SSLify also provides your application with an HSTS policy.

By default, HSTS is set for one year (31536000 seconds).

You can change the duration by passing the age parameter:

sslify = SSLify(app, age=300)

If you'd like to include subdomains in your HSTS policy, set the subdomains parameter:

sslify = SSLify(app, subdomains=True)

Or by including SSLIFY_SUBDOMAINS in your app's config.

HTTP 301 Redirects

By default, the redirect is issued with an HTTP 302 response. You can change that to an HTTP 301 response by passing the permanent parameter:

sslify = SSLify(app, permanent=True)

Or by including SSLIFY_PERMANENT in your app's config.
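
To check that a deployment actually returns the redirect and HSTS policy described above, the response head can be audited against the configured settings. This is an added example, not part of Flask-SSLify; the function names and the min_age threshold are assumptions, and the sample is the curl output from this page.

```python
from urllib.parse import urlsplit

# Response headers copied from the curl -I output shown earlier on this page.
SAMPLE = """HTTP/1.1 302 FOUND
Content-length: 281
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Apr 2012 21:39:36 GMT
Location: https://secure-samurai.herokuapp.com/
Server: gunicorn/0.14.2
Strict-Transport-Security: max-age=31536000
Connection: keep-alive
"""

def parse_head(raw):
    """Split a raw response head into (status code, lower-cased header dict)."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, subdomains = None, False
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            max_age = int(val.strip('"'))
        elif key.lower() == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def audit_redirect(raw, requested_url, permanent=False, min_age=31536000, subdomains=False):
    """Return a list of findings; an empty list means the response matches the policy."""
    status, headers = parse_head(raw)
    want, findings = (301 if permanent else 302), []
    if status != want:
        findings.append(f"status {status}, expected {want}")
    req, loc = urlsplit(requested_url), urlsplit(headers.get("location", ""))
    if loc.scheme != "https" or loc.hostname != req.hostname or loc.path != req.path:
        findings.append("Location is not the https form of the requested URL")
    age, sub = parse_hsts(headers.get("strict-transport-security", ""))
    if age is None or age < min_age:
        findings.append(f"HSTS max-age {age} is below {min_age}")
    if subdomains and not sub:
        findings.append("HSTS policy lacks includeSubDomains")
    return findings
```

Browsers only honour Strict-Transport-Security received over HTTPS (RFC 6797), so run the HSTS part of the check against the HTTPS response as well.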

Exclude Certain Paths from Being Redirected

You can exclude paths that start with a given string by passing a list called skips:

sslify = SSLify(app, skips=['mypath', 'anotherpath'])

Or by including SSLIFY_SKIPS in your app's config.

Install

Installation is simple too:

$ pip install Flask-SSLify

Security consideration using basic auth

When using basic auth, it is important that the redirect occurs before the user is prompted for credentials. Flask-SSLify registers a before_request handler. To make sure this handler gets executed before credentials are entered, it is advisable not to prompt for any authentication inside a before_request handler.

The example found at http://flask.pocoo.org/snippets/8/ works nicely, as the view function's decorator will never have an effect before the before_request hooks are executed.
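
The ordering issue above, shown with Flask's test client as an added example (not code from Flask-SSLify or the linked snippet). The force_https hook is a stand-in for the redirect handler the extension registers; build_app, probe and the demo credentials are constructed for illustration.

```python
from functools import wraps
from flask import Flask, Response, redirect, request

def check_auth():
    """Return a 401 challenge unless the constructed demo credentials were sent."""
    auth = request.authorization
    if auth is None or (auth.username, auth.password) != ("demo", "demo-pass"):
        return Response("Login required", 401, {"WWW-Authenticate": 'Basic realm="demo"'})
    return None

def requires_auth(view):
    """View decorator: runs only after every before_request hook has passed."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        denied = check_auth()
        return denied if denied is not None else view(*args, **kwargs)
    return wrapper

def build_app(auth_in_hook):
    app = Flask(__name__)
    if auth_in_hook:
        # Anti-pattern: registered first, so it challenges before the redirect runs.
        app.before_request(check_auth)

    @app.before_request
    def force_https():  # stand-in for the redirect hook the extension registers
        if not request.is_secure:
            return redirect(request.url.replace("http://", "https://", 1), code=302)

    def secret():
        return "ok"
    view = secret if auth_in_hook else requires_auth(secret)
    app.add_url_rule("/secret", view_func=view)
    return app

def probe(app, scheme):
    """Request /secret without credentials; return (status, challenged?)."""
    resp = app.test_client().get("/secret", base_url=f"{scheme}://localhost")
    return resp.status_code, "WWW-Authenticate" in resp.headers
```

With the decorator, a plain-HTTP request gets the 302 and no challenge; with authentication in an earlier before_request hook, the same request gets a 401 challenge over HTTP.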
