https://github.com/tempehs/secure_flask_pwa_template
A secure by design Flask Template ready for developing a PWA in VSCode or Codespaces.
https://github.com/tempehs/secure_flask_pwa_template
boilerplate codespaces css flask html5 progressive-web-app pwa pwa-boilerplate python3 template vscode
Last synced: 9 months ago
JSON representation
A secure by design Flask Template ready for developing a PWA in VSCode or Codespaces.
- Host: GitHub
- URL: https://github.com/tempehs/secure_flask_pwa_template
- Owner: TempeHS
- License: gpl-3.0
- Created: 2024-09-26T23:01:05.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-01-29T04:26:21.000Z (over 1 year ago)
- Last Synced: 2025-01-29T05:25:09.362Z (over 1 year ago)
- Topics: boilerplate, codespaces, css, flask, html5, progressive-web-app, pwa, pwa-boilerplate, python3, template, vscode
- Language: HTML
- Homepage:
- Size: 121 KB
- Stars: 0
- Watchers: 0
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: security_log.log
Awesome Lists containing this project
README
# Secure Flask Bootstrap PWA Template
This Flask template has been built from the ground up to be a secure Progressive Web App. It includes a secure form and Bootstrap sample components ready to be connected to a SQLite3 database. All minimum PWA standards have been integrated, and placeholder images have been provided for all the icon and image components.
## Dependencies
- VSCode or GitHub Codespaces (preconfigured for docker)
- Python 3+
- pip install Flask
- pip install SQLite3
- pip install bcrypt
- pip install flask_wtf
## Secure Features
- Strict Content Security Policy
- No inline ``.
- Restricted `` loading
- CORS JS blocked
- HTML Languaged declared.
- Meta character set declared.
- Private folders use .folderName syntax.
- [Bootstrap 5.3](https://getbootstrap.com/) components served local files.
- CSRFProtect applied to form.
- Form Pattern expression declared.
## To be implemented by developers
- Web content, [Bootstrap 5.3](https://getbootstrap.com/) ready
- [SQLite](https://docs.python.org/3/library/sqlite3.html) database design and integration
- Input sanitisation
- Login, authentication or session management
- Password encryption using [bcrypt](https://pypi.org/project/bcrypt/)
- SSL Encryption
## Privacy advice for developers
- The app should have a privacy handling policy
- Only data essential for the app should be collected
- Users should be given the option to download or delete their data
- Passwords should be encrypted, including a salt, before hashing
## Security advice for developers
- All inputs should be sanitised before processing or storing
- If including login, authentication and session management should be implemented
- SSL Encryption and HTTPS should be implemented
- Use Jinga2 components when passing variables to the frontend
- Use query parameters for all SQL queries
## Content advice for developers
- All templates are [Bootstrap 5.3](https://getbootstrap.com/) ready
- [SQLite](https://docs.python.org/3/library/sqlite3.html) has been provided for database design
> [!TIP]
> Developers should [monitor Bootstrap 5.3.3 for discovered vulnerabilities](https://security.snyk.io/package/npm/bootstrap) and patch or update as needed.