root
/
flask
mirror of https://github.com/pallets/flask.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
5,466 Commits 4 Branches 68 Tags 38 MiB
Commit Graph

655 Commits

Author SHA1 Message Date
David Lord 6a64969009
pass context through dispatch methods 2025-09-19 17:33:30 -07:00
David Lord c2705ffd9c
merge app and request context 2025-09-19 16:43:53 -07:00
David Lord 330123258e
Merge branch 'stable' 2025-08-19 14:09:56 -07:00
kadai0308 daf1510a4b
use template_filter without parens 2025-08-19 12:33:21 -07:00
David Lord 9822a03515
refactor stream_with_context for async views 2025-08-19 08:18:55 -07:00
David Lord 53b8f08218
push preserved contexts in correct order 2025-08-18 09:45:56 -07:00
David Lord 52df9eed45
drop end of life python versions 2025-05-13 08:31:54 -07:00
James Addison fb54159861
secret key rotation: fix key list ordering 
The `itsdangerous` serializer interface[1] expects keys to be
provided with the oldest key at index zero and the active signing key
at the end of the list.

We document[2] that `SECRET_KEY_FALLBACKS` should be configured with
the most recent first (at index zero), so to achieve the expected
behaviour, those should be inserted in reverse-order at the head of
the list.

[1] - https://itsdangerous.palletsprojects.com/en/stable/serializer/#itsdangerous.serializer.Serializer

[2] - https://flask.palletsprojects.com/en/stable/config/#SECRET_KEY_FALLBACKS
 2025-05-12 18:30:27 -07:00
David Lord 41ec5760a2
remove tests about deprecated pkgutil.get_loader 2025-03-29 15:42:58 -07:00
David Lord 4f7156f2c3
configure and check trusted_hosts 2024-11-12 21:01:55 -08:00
David Lord 4995a775df
fix subdomain_matching=False behavior 2024-11-12 08:58:08 -08:00
David Lord e13373f838
enable secret key rotation 2024-11-08 08:09:01 -08:00
David Lord 2c31603042
update env file precedence 2024-11-07 11:54:29 -08:00
David Lord 9efc1ebeeb
add SESSION_COOKIE_PARTITIONED config 
co-authored-by: Jose Cespedes <josecespedes@ibm.com>
 2024-11-01 16:24:15 -07:00
David Lord c7a53888a1
add config and docs for limits 2024-11-01 13:17:53 -07:00
David Lord 28d5a4d718
add encoding parameter to open_resource 
co-authored-by: mark <lopkophacked@protonmail.com>
 2024-07-10 19:14:06 -07:00
David Lord 87d5f5b9a9
update project files (#5457) 
* update pre-commit hook
* upgrade pip with venv
* update description and version
* show url in publish environment
* update versions
* update versions, separate typing job
* use dependabot grouped updates
  ignore upload/download-artifact until slsa updates
* use sphinx.ext.extlinks instead of sphinx-issues
* update dev dependencies
* update editorconfig
* update gitignore
* update .readthedocs.yaml
* license is txt, readme is md
* update pyproject.toml
  add typed classifier
  add pyright config
  simplify urls
* tox builds docs in place
* update min test py version
* add tox env to update all dev dependencies
* update issue and pr templates
* rename security docs page to not conflict with org policy file
* simplify matrix
 2024-04-07 10:24:40 -07:00
Tony Huang 1af8f95785
fix super call in list comprehension 2024-02-03 12:36:06 -08:00
David Lord 54e05a2824
use ruff linter and formatter 2023-11-15 12:14:37 -08:00
pgjones 438edcdf01 Allow self as an argument to url_for 
This makes the Flask.url_for self argument positional only (Flask
supports Python 3.8+) thereby restoring the ability to pass self as a
value argument to url_for.
 2023-09-30 15:25:31 +01:00
David Lord 5bb30270d2
bump werkzeug 2.3.7 
use importlib.metadata.version
 2023-08-21 09:39:10 -07:00
David Lord 826514b8eb
fix flake8 bugbear findings 2023-08-16 13:37:56 -07:00
David Lord 0a00e1b608
use tmp_path instead of tmpdir 2023-05-02 10:38:27 -07:00
David Lord 1d7281fe07
remove egg test 
eggs aren't supported, and Python 3.12 removes setuptools
 2023-05-02 09:53:31 -07:00
David Lord 8705dd39c4
set `Vary: Cookie` header consistently for session 2023-05-01 08:10:52 -07:00
David Lord 2e8fe7b2f2
drop support for python 3.7 2023-04-20 11:09:55 -07:00
David Lord 84c007d34f
show subdomain or host in routes output 2023-04-14 09:43:00 -07:00
David Lord 9cb1a7a52d
blinker is required, signals are always available 2023-04-13 07:39:24 -07:00
David Lord c24f8c8199
no cookie domain by default 2023-04-12 12:38:22 -07:00
David Lord fa0ceb62f2
Merge branch '2.2.x' 2023-04-12 10:57:53 -07:00
David Lord 04c21387db
update test cookie handling for Werkzeug 2.3 2023-04-12 10:55:00 -07:00
Evgeny Mozhaev b8b410014d
require a non-empty name for blueprints 2023-03-11 08:26:36 -08:00
AntoineMath b10b6d4af1
add text parameter to config.from_file 2023-02-23 11:10:21 -08:00
David Lord 2a33c17854
deprecate got_first_request property 2023-02-23 09:28:42 -08:00
David Lord 9c02f07f9b
deprecate markupsafe exports 2023-02-23 08:55:01 -08:00
David Lord 6650764e97
remove previously deprecated code 2023-02-23 08:35:16 -08:00
David Lord 4ddb3f73ba
Merge branch '2.2.x' 2023-02-07 07:18:54 -08:00
pre-commit-ci[bot] a15da89dbb [pre-commit.ci] auto fixes from pre-commit.com hooks 
for more information, see https://pre-commit.ci
 2023-02-07 04:43:02 +00:00
David Lord 99b34f7148
move and update flake8 config 2023-01-20 13:42:50 -08:00
David Lord 3a35977d5f
stop ignoring flake8 e402 2023-01-19 06:35:15 -08:00
David Lord 261e4a6cf2
fix flake8 bugbear errors 2023-01-18 10:32:51 -08:00
pgjones cabda59353 Ensure that blueprint subdomains suffix-chain 
This ensures that a child's subdomain prefixs any parent subdomain
such that the full domain is child.parent.domain.tld and onwards with
further nesting. This makes the most sense to users and mimics how
url_prefixes work (although subdomains suffix).
 2023-01-04 18:06:04 +00:00
Josh Michael Karamuth d7b6c1f670 Fix subdomain inheritance for nested blueprints. 
Fixes #4834
 2023-01-04 16:19:52 +00:00
David Lord d178653b5f
update requirements 2022-11-25 07:39:54 -08:00
David Lord bfdd37110c
deprecate config attributes 2022-08-01 16:58:55 -07:00
David Lord ef95998d79
deprecate FLASK_ENV 2022-08-01 15:11:21 -07:00
David Lord 5d8e35653f
refactor lazy loading 
Remove the `--eager-loading/--lazy-loading` options and the
`DispatchingApp` middleware. The `run` command handles loading
exceptions directly. The reloader always prints out tracebacks
immediately and always defers raising the error.
 2022-08-01 10:34:13 -07:00
Matthijs van der Vleuten 4bf7415a96
allow TypedDict as a response value 2022-07-14 14:15:05 -07:00
David Lord 69f9845ef2
add json provider interface 2022-07-13 07:42:52 -07:00
pgjones 91044c4d76 Change _cv_req -> _cv_request 
This is a clearer name for the variable.
 2022-07-09 13:41:35 +01:00