mirror of https://github.com/pallets/flask.git
Compare commits: b9e5df7580 ... e87aa7c62c (7 commits)

| SHA1 |
|---|
| e87aa7c62c |
| d6009c0aeb |
| 2b42a803a2 |
| 211cce038a |
| a7b67c99f9 |
| a758915893 |
| 676aa43430 |
@ -1,3 +1,5 @@
|
|||
<div align="center"><img src="https://raw.githubusercontent.com/pallets/flask/refs/heads/stable/docs/_static/flask-horizontal.svg" alt="" height="150"></div>
|
||||
|
||||
# Flask
|
||||
|
||||
Flask is a lightweight [WSGI] web application framework. It is designed
|
||||
|
|
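Review bot: the `<img>` on the added README line has `alt=""`, so the logo is announced as nothing by screen readers; with the `# Flask` heading directly below it an empty alt is defensible, but `alt="Flask"` costs nothing and is the safer default. Separately, the `src` points at `refs/heads/stable`, a mutable branch ref, so the README rendered from any tag, or from PyPI, shows whatever logo the stable branch carries at view time rather than the file committed here; pinning the URL to a commit SHA or the matching release tag makes the rendered document reproducible.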
Binary file not shown.
Before Width: | Height: | Size: 24 KiB |
File diff suppressed because one or more lines are too long
After Width: | Height: | Size: 5.7 KiB |
|
@ -0,0 +1 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 1000 1000" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;"><g><path d="M448.955,119.915c-0.579,59.76 13.398,192.715 18.542,238.988l-356.626,159.589c-23.367,-39.985 -40.836,-96.035 -51.551,-140.858l-2.503,1.065c-8.573,3.718 -16.932,2.18 -20.609,-3.664l-0.456,-0.734l-34.175,-62.778c-2.402,-4.381 -2.054,-10.547 1.006,-16.32c3.06,-5.777 8.827,-11.157 14.901,-13.815l409.395,-175.316c6.074,-2.657 12.451,-2.59 16.655,0.176c4.44,2.587 5.304,5.387 5.421,13.667Z" style="fill:#3babc3;fill-rule:nonzero;"/><path d="M477.297,411.517l-343.415,153.677c20.185,38.246 45.103,78.851 75.476,118.011l302.647,-154.214c-6.532,-16.924 -12.929,-35.311 -34.708,-117.474Z" style="fill:#3babc3;fill-rule:nonzero;"/><path d="M243.67,724.046l289.522,-147.543c30.054,59.626 66.144,102.294 104.553,132.415c86.929,68.257 183.958,71.364 241.412,65.146l-1.966,-9.7c-0.612,-3.136 0.28,-5.597 3.584,-6.859l30.59,-11.989c5.211,-2.017 10.611,-0.495 14.279,3.584l31.177,-12.015c4.981,-2.008 10.611,-0.494 14.233,3.564l24.268,37.075c11.806,16.723 -1.924,27.342 -6.368,29.035l-39.431,15.407c1.542,5.232 1.471,13.31 -9.022,17.288l-30.636,11.969c-9.584,3.739 -16.61,-2.411 -17.524,-8.292l-0.998,-5.224c-184.485,74.282 -330.818,70.194 -445.692,26.944c-82.561,-31.081 -149.05,-82.639 -201.981,-140.805Z" style="fill:#3babc3;fill-rule:nonzero;"/></g></svg>
|
After Width: | Height: | Size: 1.7 KiB |
Binary file not shown.
Before Width: | Height: | Size: 16 KiB |
File diff suppressed because one or more lines are too long
After Width: | Height: | Size: 6.0 KiB |
Binary file not shown.
Before Width: | Height: | Size: 3.9 KiB |
|
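Review bot: the added flask-icon.svg starts with a `<!DOCTYPE svg PUBLIC ... svg11.dtd>` declaration that references an external DTD and declares an unused `xmlns:serif` namespace; neither is needed by a browser or by Sphinx, so drop both so that XML tooling run over `_static` with DTD loading enabled has nothing external to resolve, and the file shrinks. The visible markup is otherwise plain `<path>` elements with no `<script>`, `<foreignObject>` or external `xlink:href`, which is what you want for an asset served from the docs site. The other two SVGs in this change are suppressed as too long to display, so the same check should be done on them before merge.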
@ -58,8 +58,8 @@ html_sidebars = {
|
|||
}
|
||||
singlehtml_sidebars = {"index": ["project.html", "localtoc.html", "ethicalads.html"]}
|
||||
html_static_path = ["_static"]
|
||||
html_favicon = "_static/shortcut-icon.png"
|
||||
html_logo = "_static/flask-vertical.png"
|
||||
html_favicon = "_static/flask-icon.svg"
|
||||
html_logo = "_static/flask-vertical.svg"
|
||||
html_title = f"Flask Documentation ({version})"
|
||||
html_show_sourcelink = False
|
||||
|
||||
|
|
|
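Review bot: `html_favicon` now points at `_static/flask-icon.svg`, but Safari does not load SVG favicons from `<link rel="icon">`, so Safari users get a blank tab icon once `shortcut-icon.png` is removed. Either keep a PNG favicon in the tree and confirm the theme emits it as a fallback, or accept the regression explicitly in the commit message. The `html_logo` switch to `flask-vertical.svg` is fine, since it is rendered through a normal `<img>` that handles SVG everywhere.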
@ -3,8 +3,9 @@
|
|||
Welcome to Flask
|
||||
================
|
||||
|
||||
.. image:: _static/flask-horizontal.png
|
||||
.. image:: _static/flask-horizontal.svg
|
||||
:align: center
|
||||
:height: 200px
|
||||
|
||||
Welcome to Flask's documentation. Flask is a lightweight WSGI web application framework.
|
||||
It is designed to make getting started quick and easy, with the ability to scale up to
|
||||
|
|
|
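Review bot: the `.. image:: _static/flask-horizontal.svg` directive has `:align:` and `:height:` but no `:alt:`, so the rendered `<img>` gets no alternative text and Sphinx falls back to the image URI; add `:alt: Flask` (or an empty alt if it is meant as purely decorative beside the `Welcome to Flask` title) so the landing page passes an accessibility check. The README in this same change renders the logo at height 150 while this page uses 200px; not a bug, but worth aligning if a consistent wordmark size is intended.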
@ -9,6 +9,30 @@ will depend on each application's specific needs and threat model. Many hosting
|
|||
platforms may take care of certain types of problems without the need for the
|
||||
Flask application to handle them.
|
||||
|
||||
Host Header Injection and External URLs
|
||||
---------------------------------------
|
||||
|
||||
When generating external URLs using :func:`url_for` with the ``_external=True`` argument,
|
||||
Flask constructs the URL using the requeust's ``Host`` header by default. If your application
|
||||
does not explicitly set the :data:`SERVER_NAME` configuration or use :data:`trusted_hosts`,
|
||||
this can make your app vulnerable to host header injection attacks. This is especially
|
||||
critical when generating links for password resets or other sensitive actions that may be
|
||||
sent to users.
|
||||
|
||||
.. warning::
|
||||
|
||||
**Host Header Injection Risk:** If an attacker can control the ``Host`` header in a request,
|
||||
they may be able to generate links pointing to malicious domains. This is a risk when
|
||||
using ``url_for(..., _external=True)`` without proper configuration.
|
||||
|
||||
**Best Practices:**
|
||||
|
||||
- Always set :data:`SERVER_NAME` in your configuration for production deployments.
|
||||
- Consider using :data:`trusted_hosts` to restrict which hosts are accepted.
|
||||
- Review the :doc:`/deploying/proxy_fix` documentation for more details on handling proxies and headers securely.
|
||||
|
||||
For more information, see :issue:`5718`.
|
||||
|
||||
Resource Use
|
||||
------------
|
||||
|
||||
|
|
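Review bot: typo on the first body line of the new section, ``requeust's`` should be ``request's``. The two configuration references are inconsistent: `:data:`SERVER_NAME`` is an uppercase config key while `:data:`trusted_hosts`` is lowercase (and the lowercase form is repeated in the **Best Practices** list); if this is meant to be the Flask config key it should be written `TRUSTED_HOSTS` to match `SERVER_NAME`, and if it means the request attribute the reference should use the attribute role rather than `:data:`. The paragraph would also benefit from saying why the fix works: with `SERVER_NAME` configured, `url_for(..., _external=True)` builds the URL from that value instead of from the incoming `Host` header, and behind a reverse proxy `ProxyFix` substitutes the forwarded host, so the trust decision moves to the proxy, which is the point the `/deploying/proxy_fix` link should be making. Finally, the `.. warning::` block restates the risk the preceding paragraph already describes; one of the two could be cut.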