Menu
I have a Flask app that uses a custom decorator to verify an AWS Cognito login token passed in an HTTP header attribute. The process includes refreshing the token (which is beyond the scope of this question). Once I get the refreshed token, I would like to update the header attribute to include the refreshed token and exit. Since the Flask/Werkzeug request.headers property is immutable, I can't update it by normal means.
How can I update the headers in the context of this decorator? Is there a better way that I am not thinking of?
Here's some sample code that demonstrates the issue:
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
token = request.headers.get('X-MyApp-Auth')
if not token:
return redirect(url_for('login', next=request.url))
# Test for expired token (pseudocode)
if expired(token):
# Refresh the token (pseudocode)
new_token = refresh(refresh_token)
# This is the part where the immutability gets me stuck
request.headers.set('X-MyApp-Auth', new_token)
return f(*args, **kwargs)
return decorated_function
935
To set response headers in Flask and Python, we set the headers property of the response object. to call make_response to create response object that returns a string response. Finally, we return the resp object in the home route.
No, it does not matter for headers with different names. See RFC 2616, section 4.2: The order in which header fields with differing field names are received is not significant.
Headers is class within the flask. app module of the Flask web framework that is imported from the datastructures module of the Werkzeug project. Headers handles the HTTP headers from requests and responses for Flask web applications.
Flask HTTP methods, handle GET & POST requests. Flask has different decorators to handle http requests. Http protocol is the basis for data communication in the World Wide Web.. Different methods for retrieving data from a specified URL are defined in this protocol.
Flask POST request is defined as an HTTP protocol method that enables users to send HTML form data to server. The HTTP protocol is the foundation of data communication and is basically defined as an application layer for collaborative, distributed, hypermedia information systems.
What Are HTTP Security Headers Exactly? When a user tries to access a page, his browser requests it from a web server. The server then responds with the content along with appropriate HTTP Response Headers which contain meta data, status error codes, cache rules and so on.
This header enables you to specify when the browser should set Referer headers. The use of this header can be considered as “optional”, but is advised. It’s great for analytics, but not so much for user privacy. Deploy it if you want to keep your analytic data out of your competitors’ hands.
This example wraps the Flask application in a custom WSGI middleware that modifies the WSGI environment before Flask request handling:
from flask import Flask, request, jsonify
class InterceptRequestMiddleware:
def __init__(self, wsgi_app):
self.wsgi_app = wsgi_app
def __call__(self, environ, start_response):
environ['HTTP_USER_AGENT'] = 'foobar'
return self.wsgi_app(environ, start_response)
app = Flask(__name__)
app.wsgi_app = InterceptRequestMiddleware(app.wsgi_app)
@app.route('/')
def index():
return jsonify({'headers': {k: v for k, v in request.headers}})
if __name__ == '__main__':
app.run(debug=True)
Links:
Flask.wsgi_app documentation
132
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
