Flask-Mitten

Adds security functions to Flask applications for preventing some of the basic threats
Flask-Mitten Ranking & Summary

  • License: BSD License
  • Price: FREE
  • Publisher Name: lanius
  • Publisher web site: https://github.com/lanius/

Flask-Mitten Description

Flask-Mitten is a Flask extension that adds security functions to Flask applications for preventing some of the basic threats.

Features

Flask-Mitten helps Flask applications prevent the following threats:

- Clickjacking
- CSRF
- Information disclosure through banner grabbing
- Session fixation

It bundles the functions of the following Flask extensions:

- Flask-KVSession
- flask-csrf

For more details, see the implementation.

Usage

Installation

Install the extension with the following command:

    pip install Flask-Mitten

Configuration

Apply the extension to your app:

    from flask import Flask
    from flaskext.mitten import Mitten

    app = Flask(__name__)
    mitten = Mitten(app)

Request headers are overridden to prevent clickjacking and information disclosure.

If you want to set your own banner, you can do so:

    mitten.banner = "My Nice Banner!"

Preventing Session Fixation

After login, call the regenerate method of the session:

    session.regenerate()

The session ID is regenerated, which prevents session fixation.

Preventing CSRF

To embed the CSRF token, add the following line to your template:

    <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}" />

POST requests are then protected against CSRF automatically.

If you want to exclude a route from CSRF protection, use the csrf_exempt decorator:

    @csrf_exempt
    @app.route('/public_api/', methods=['POST'])
    def public_api():
        # This route is not checked for a CSRF token.
        return "result", 200

More

For more details, see an example app.

