Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Flask-Talisman breaks Flask-Bootstrap

Tags:

python

https

ssl

flask

flask-bootstrap

I want my website to always redirect to the secure https version of the site, and I'm using flask-talisman to do this. However for some reason adding this seemingly-unrelated line of code is breaking the flask-bootstrap formatting on my website.

This is what the original __init__.py file and website looked like before adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models

enter image description here

And this is what the __init__.py file and website look like after adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_talisman import Talisman
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
Talisman(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models

enter image description here

Changing the order of the lines Bootstrap(app) and Talisman(app) doesn't make any difference either. Any ideas? I want my website to be secure, but not at the cost of breaking all of the formatting.

like image 418
jon_simon Avatar asked Feb 17 '19 04:02

jon_simon

2 Answers

It's an old thread, but the answer is that you need to whitelist your allowed sites, like in this example (directly from flask-talisman web site):

csp = {
 'default-src': [
        '\'self\'',
        'cdnjs.cloudflare.com'
    ]
}
talisman = Talisman(app, content_security_policy=csp)
like image 114
jrborba Avatar answered Oct 31 '22 04:10

jrborba

Building on jrborba's answer above, this is what I have used to prevent Tailsman from breaking Bootstrap and jQuery, but you may not need to use the unsafe-inline line as I did.

csp = {
    'default-src': [
        '\'self\'',
        '\'unsafe-inline\'',
        'stackpath.bootstrapcdn.com',
        'code.jquery.com',
        'cdn.jsdelivr.net'
    ]
}
talisman = Talisman(app, content_security_policy=csp)
like image 32
Sneakerhead Farb Avatar answered Oct 31 '22 03:10

Sneakerhead Farb
Sign in to Comment

Related questions

Numpy Random Choice not working for 2-dimentional list
Correct way to use GeoPy Nominatim
How to implement "positional-only parameter" in a user defined function in python?
Create pandas dataframe from string (in csv format)
Perspective transform with Python PIL using src / target coordinates
Replace string in PySpark
Align text in the putText() in OpenCV
How can I fix "Error tokenizing data" on pandas csv reader?
How to change languages(translations) dynamically on PyQt5?
Find most common string in a 2D list
Python TypeError : only integer scalar arrays can be converted to a scalar index
Python ValueError: unconverted data remains:
"TypeError: Singleton array cannot be considered a valid collection" using sklearn train_test_split
TypeError: _transform() takes 2 positional arguments but 3 were given
Array: Insert with negative index [duplicate]
Transform a 3-column dataframe into a matrix
how to fix - error: bad escape \u at position 0
Unable to verify secret hash for client at REFRESH_TOKEN_AUTH
Find gaps in pandas time series dataframe sampled at 1 minute intervals and fill the gaps with new rows
Pyspark 2.4.0, read avro from kafka with read stream - Python

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!