root
/
flask
mirror of https://github.com/pallets/flask.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
5,435 Commits 4 Branches 68 Tags 38 MiB
Commit Graph

140 Commits

Author SHA1 Message Date
James Addison fb54159861
secret key rotation: fix key list ordering 
The `itsdangerous` serializer interface[1] expects keys to be
provided with the oldest key at index zero and the active signing key
at the end of the list.

We document[2] that `SECRET_KEY_FALLBACKS` should be configured with
the most recent first (at index zero), so to achieve the expected
behaviour, those should be inserted in reverse-order at the head of
the list.

[1] - https://itsdangerous.palletsprojects.com/en/stable/serializer/#itsdangerous.serializer.Serializer

[2] - https://flask.palletsprojects.com/en/stable/config/#SECRET_KEY_FALLBACKS
 2025-05-12 18:30:27 -07:00
David Lord 4995a775df
fix subdomain_matching=False behavior 2024-11-12 08:58:08 -08:00
David Lord e13373f838
enable secret key rotation 2024-11-08 08:09:01 -08:00
David Lord 9efc1ebeeb
add SESSION_COOKIE_PARTITIONED config 
co-authored-by: Jose Cespedes <josecespedes@ibm.com>
 2024-11-01 16:24:15 -07:00
David Lord c7a53888a1
add config and docs for limits 2024-11-01 13:17:53 -07:00
David Lord 54ff9b2972
use ruff linter and formatter 2023-11-09 10:27:01 -08:00
David Lord c49ce2e1eb
fix flake8 bugbear findings 2023-08-16 13:37:26 -07:00
David Lord 8705dd39c4
set `Vary: Cookie` header consistently for session 2023-05-01 08:10:52 -07:00
David Lord c24f8c8199
no cookie domain by default 2023-04-12 12:38:22 -07:00
David Lord fa0ceb62f2
Merge branch '2.2.x' 2023-04-12 10:57:53 -07:00
David Lord 04c21387db
update test cookie handling for Werkzeug 2.3 2023-04-12 10:55:00 -07:00
David Lord 2a33c17854
deprecate got_first_request property 2023-02-23 09:28:42 -08:00
David Lord 9c02f07f9b
deprecate markupsafe exports 2023-02-23 08:55:01 -08:00
David Lord 6650764e97
remove previously deprecated code 2023-02-23 08:35:16 -08:00
David Lord 99b34f7148
move and update flake8 config 2023-01-20 13:42:50 -08:00
David Lord 261e4a6cf2
fix flake8 bugbear errors 2023-01-18 10:32:51 -08:00
David Lord 69f9845ef2
add json provider interface 2022-07-13 07:42:52 -07:00
David Lord 82c2e0366c
remove uses of LocalStack 2022-07-08 11:13:09 -07:00
Grey Li ca2bfbb0ac
Support returning list as JSON 2022-07-02 21:41:32 -07:00
David Lord 84c722044a
new debug/test preserve context implementation 2022-07-01 12:01:44 -07:00
pgjones 762382e436
view functions can return generators as responses directly 2022-06-18 11:25:05 -07:00
Kevin Kirsche ed42e92928
session expiration datetime is UTC timezone-aware 2022-06-17 12:01:48 -07:00
David Lord 96c97dec09
deprecate before_first_request 2022-06-06 10:04:05 -07:00
David Lord e044b00047
avoid triggering setupmethod late in tests 2022-05-23 09:09:12 -07:00
Qingpeng Li 1e5dd43022
refactor error checks in register_error_handler 
Co-authored-by: David Lord <davidism@gmail.com>
 2022-05-03 11:52:11 -06:00
David Lord ef6c2b9e4a
clean up pytest.raises tests 2022-04-28 09:32:31 -07:00
David Lord c9a1f7ad65
don't intercept 307/308 routing redirects 
These don't change the request body, so the debug error is no longer relevant.
 2022-03-23 08:25:22 -07:00
David Lord e37e87140e
Merge branch '2.0.x' 2022-02-09 07:37:43 -08:00
David Lord 426a1e25b7
fix pytest 7 warnings 2022-02-08 12:26:25 -08:00
David Lord e609dddd60
drop Python 3.6 2021-11-11 16:11:43 -08:00
David Lord 8648750997
Merge branch '1.1.x' into 2.0.x 2021-05-13 18:47:06 -07:00
brettlangdon 3ace642ef3
Use compat fspath instead of os.fspath 
When 7ba35c4 was cherry-picked it introduced the
usage of os.fspath which is not supported on
Python <3.6
 2021-05-13 18:17:00 -07:00
David Lord 7c5261407d
blueprint name may not contain a dot 2021-05-13 14:31:50 -07:00
pgjones 705e52684a
Add syntatic sugar for route registration 
This takes a popular API whereby instead of passing the HTTP method as
an argument to route it is instead used as the method name i.e.

    @app.route("/", methods=["POST"])

is now writeable as,

    @app.post("/")

This is simply syntatic sugar, it doesn't do anything else, but makes
it slightly easier for users.

I've included all the methods that are relevant and aren't auto
generated i.e. not connect, head, options, and trace.
 2021-03-08 08:55:14 -08:00
Grey Li eb41e7e417 Silence pytest warnings for exception propagation test 2021-01-03 13:57:45 +08:00
Mathurshan Vimalesvaran 22987b6817
include samesite and secure when removing session cookie (#3726) 2020-11-04 18:16:05 -08:00
David Lord 373f0dd82e
update requirements (#3823) 2020-11-01 05:30:02 -08:00
Bogdan Opanchuk 8efea0ccbb
Break reference cycle created by default in Flask instances. 
Flask instances with static folders were creating a reference cycle
via their "static" view function (which held a strong reference back
to the Flask instance to call its `send_static_file` method). This
prevented CPython from freeing the memory for a Flask instance
when all external references to it were released.

Now use a weakref for the back reference to avoid this.

Co-authored-by: Joshua Bronson <jab@users.noreply.github.com>
 2020-10-03 10:05:05 -04:00
Christopher Nguyen 7b09a0904c
change make_response to use headers.update 2020-07-23 16:53:39 -07:00
Joshua Bronson b724832872 Cherry-pick 7ba35c4 from master (support pathlib.Path for static_folder) 2020-07-06 13:47:57 -04:00
Joshua Bronson 7ba35c4d4f Restore support for using pathlib.Path for static_folder. 
* No longer causes AttributeError: 'PosixPath' object has no
  attribute 'rstrip'.

* This was broken by e6178fe489
  which was released in 1.1.2.

* Add a regression test that now passes.

See #3557.
 2020-07-06 08:55:19 -04:00
David Lord f2f027d1fb
remove unused module docstrings 2020-04-04 12:28:08 -07:00
David Lord 2ae740dd49
f-strings everywhere 2020-04-04 12:10:00 -07:00
David Lord 524fd0bc8c
apply pyupgrade 2020-04-04 12:10:00 -07:00
David Lord 57d628ca74
remove more compat code 2020-04-04 12:10:00 -07:00
David Lord 662c245795
remove _compat module 2020-04-04 12:10:00 -07:00
David Lord 64ba43411f
Merge remote-tracking branch 'origin/1.1.x' 2020-02-15 10:40:32 -08:00
frostming d4076cf07c
strip the ending slash for static_url_path 2020-02-10 18:19:25 -08:00
Marc Hernandez Cabot 5da342e4dd
fix docstring and remove redundant parentheses 2020-02-10 17:03:52 -08:00
raymond-devries 900fa2f795 Feature request #3445. 2020-02-10 13:09:53 -08:00