Flask url_for generating http URL instead of https

by

With Flask 0.10, there will be a much better solution available than wrapping url_for. If you look at https://github.com/mitsuhiko/flask/commit/b5069d07a24a3c3a54fb056aa6f4076a0e7088c7, a _scheme parameter has been added. Which means you can do the following:

url_for('secure_thingy',
        _external=True,
        _scheme="https",
        viewarg1=1, ...)

_scheme sets the URL scheme, generating a URL like https://.. instead of http://. However, by default Flask only generates paths (without host or scheme), so you will need to include the _external=True to go from /secure_thingy to https://example.com/secure_thingy.

However, consider making your website HTTPS-only instead. It seems that you’re trying to partially enforce HTTPS for only a few “secure” routes, but you can’t ensure that your https-URL is not changed if the page linking to the secure page is not encrypted. This is similar to mixed content.

More Related Contents:

  1. Flask app that routes based on subdomain
  2. Get the data received in a Flask request
  3. Configure Flask dev server to be visible across the network
  4. Get IP address of visitors using Flask for Python
  5. Is the server bundled with Flask safe to use in production?
  6. Get raw POST body in Python Flask regardless of Content-Type header
  7. Capture arbitrary path in Flask route
  8. RuntimeError: working outside of application context
  9. X-Forwarded-Proto and Flask
  10. Flask URL Route: Route Several URLs to the same function
  11. Handling large file uploads with Flask
  12. How to return a dict as a JSON response from a Flask view?
  13. How to get POSTed JSON in Flask?
  14. Handle Flask requests concurrently with threaded=True
  15. Make a POST request while redirecting in flask
  16. Saving upload in Flask only saves to project root
  17. What is the purpose of Flask’s context stacks?
  18. Passing a matplotlib figure to HTML (flask)
  19. How do I set response headers in Flask?
  20. Restrict static file access to logged in users
  21. Flask sqlalchemy many-to-many insert data
  22. 104, ‘Connection reset by peer’ socket error, or When does closing a socket result in a RST rather than FIN?
  23. Extending Flask class as main App
  24. CSS Problems with Flask Web App
  25. Python Flask, how to set content type
  26. how to get access to error message from abort command when using custom error handler
  27. Flask(‘application’) versus Flask(__name__)
  28. SQLAlchemy ordering by count on a many to many relationship
  29. How do I run a long-running job in the background in Python
  30. ModuleNotFoundError: No module named ‘MySQLdb’

Leave a Comment