Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/not-kennethreitz/flask-sslify

Force SSL on your Flask app.
https://github.com/not-kennethreitz/flask-sslify

Last synced: about 1 month ago
JSON representation

Force SSL on your Flask app.

Host: GitHub
URL: https://github.com/not-kennethreitz/flask-sslify
Owner: not-kennethreitz
License: bsd-2-clause
Archived: true
Created: 2012-04-29T16:52:03.000Z (over 12 years ago)
Default Branch: master
Last Pushed: 2019-02-17T20:05:37.000Z (almost 6 years ago)
Last Synced: 2024-08-01T22:56:24.049Z (4 months ago)
Language: Python
Homepage: https://pypi.python.org/pypi/Flask-SSLify
Size: 36.1 KB
Stars: 504
Watchers: 37
Forks: 85
Open Issues: 11
Metadata Files:
- Readme: README.rst
- License: LICENSE

Awesome Lists containing this project

README

Flask-SSLify
============

This is a simple Flask extension that configures your Flask application to redirect
all incoming requests to HTTPS.

The extension is no longer maintained, prefer using `Flask-Talisman `_ as it is encouraged by the `Flask Security Guide `_.

If you're interested in financially supporting Kenneth Reitz open source, consider `visiting this link `_. Your support helps tremendously with sustainability of motivation, as Open Source is no longer part of my day job.

Redirects only occur when ``app.debug`` is ``False``.

Usage
-----

Usage is pretty simple::

from flask import Flask
from flask_sslify import SSLify

app = Flask(__name__)
sslify = SSLify(app)

If you make an HTTP request, it will automatically redirect::

$ curl -I http://secure-samurai.herokuapp.com/
HTTP/1.1 302 FOUND
Content-length: 281
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Apr 2012 21:39:36 GMT
Location: https://secure-samurai.herokuapp.com/
Server: gunicorn/0.14.2
Strict-Transport-Security: max-age=31536000
Connection: keep-alive

HTTP Strict Transport Security
------------------------------

Flask-SSLify also provides your application with an HSTS policy.

By default, HSTS is set for *one year* (31536000 seconds).

You can change the duration by passing the ``age`` parameter::

sslify = SSLify(app, age=300)

If you'd like to include subdomains in your HSTS policy, set the ``subdomains`` parameter::

sslify = SSLify(app, subdomains=True)

Or by including ``SSLIFY_SUBDOMAINS`` in your app's config.

HTTP 301 Redirects
------------------

By default, the redirect is issued with a HTTP 302 response. You can change that to a HTTP 301 response
by passing the ``permanent`` parameter::

sslify = SSLify(app, permanent=True)

Or by including ``SSLIFY_PERMANENT`` in your app's config.

Exclude Certain Paths from Being Redirected
-------------------------------------------
You can exlude a path that starts with given string by including a list called ``skips``::

sslify = SSLify(app, skips=['mypath', 'anotherpath'])

Or by including ``SSLIFY_SKIPS`` in your app's config.

Install
-------

Installation is simple too::

$ pip install Flask-SSLify

Security consideration using basic auth
---------------------------------------

When using basic auth, it is important that the redirect occurs before the user is prompted for
credentials. Flask-SSLify registers a ``before_request`` handler, to make sure this handler gets
executed before credentials are entered it is advisable to not prompt for any authentication
inside a ``before_request`` handler.

The example found at http://flask.pocoo.org/snippets/8/ works nicely, as the view function's
decorator will never have an effect before the ``before_request`` hooks are executed.