
Flask-Talisman breaks Flask-Bootstrap

I want my website to always redirect to the secure https version of the site, and I'm using flask-talisman to do this. However, for some reason adding this seemingly-unrelated line of code is breaking the flask-bootstrap formatting on my website.

This is what the original __init__.py file and website looked like before adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models


And this is what the __init__.py file and website look like after adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_talisman import Talisman
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
Talisman(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models


Changing the order of the lines Bootstrap(app) and Talisman(app) doesn't make any difference either. Any ideas? I want my website to be secure, but not at the cost of breaking all of the formatting.

It's an old thread, but the answer is that you need to whitelist your allowed sites, like in this example (directly from flask-talisman web site):

csp = {
    'default-src': [
        '\'self\'',
        'cdnjs.cloudflare.com'
    ]
}
talisman = Talisman(app, content_security_policy=csp)

Building on jrborba's answer above, this is what I have used to prevent Talisman from breaking Bootstrap and jQuery, but you may not need to use the unsafe-inline line as I did.

csp = {
    'default-src': [
        '\'self\'',
        '\'unsafe-inline\'',
        'stackpath.bootstrapcdn.com',
        'code.jquery.com',
        'cdn.jsdelivr.net'
    ]
}
talisman = Talisman(app, content_security_policy=csp)
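
An added example, not part of the answers above and not flask-talisman code: a simplified, standard-library check of which assets a CSP dict in the form passed to `content_security_policy` would refuse, showing why a `'self'`-only policy (assumed here to mirror Talisman's default) drops CDN-hosted Bootstrap files. The origin, asset URLs, policy names and helper functions are constructed for illustration; source matching ignores paths and ports.

```python
from urllib.parse import urlsplit

# CSP directive consulted per resource kind; default-src is the fallback.
DIRECTIVE_FOR = {"script": "script-src", "style": "style-src", "font": "font-src"}

def source_allows(source, url, page_origin):
    """Simplified source matching: keywords, schemes and hosts (no paths or ports)."""
    target = urlsplit(url)
    host = target.hostname or ""
    if source == "*":
        return target.scheme in ("http", "https")
    if source == "'self'":
        origin = urlsplit(page_origin)
        return (target.scheme, target.netloc) == (origin.scheme, origin.netloc)
    if source.startswith("'"):
        return False  # 'unsafe-inline', 'none', nonces never match a URL
    if source.endswith(":"):
        return target.scheme == source[:-1]  # scheme source such as https:
    scheme, _, allowed = source.rpartition("://")
    if scheme and scheme != target.scheme:
        return False
    if allowed.startswith("*."):
        return host.endswith(allowed[1:])
    return host == allowed

def blocked(policy, resources, page_origin):
    """Return the (kind, url) pairs that the policy would refuse to load."""
    refused = []
    for kind, url in resources:
        sources = policy.get(DIRECTIVE_FOR[kind], policy.get("default-src", "*"))
        if isinstance(sources, str):
            sources = sources.split()
        if not any(source_allows(s, url, page_origin) for s in sources):
            refused.append((kind, url))
    return refused

PAGE = "https://myapp.example"  # constructed origin
CDN = "https://cdnjs.cloudflare.com"
RESOURCES = [  # constructed asset list for a Bootstrap page
    ("style", CDN + "/bootstrap.min.css"),
    ("script", CDN + "/jquery.min.js"),
    ("font", CDN + "/glyphicons.woff2"),
    ("style", PAGE + "/static/site.css"),
]
SELF_ONLY = {"default-src": "'self'"}
ALLOWLISTED = {"default-src": ["'self'", "cdnjs.cloudflare.com"]}
SPLIT = {"default-src": ["'self'"], "script-src": ["'self'", "cdnjs.cloudflare.com"],
         "style-src": ["'self'", "cdnjs.cloudflare.com"]}  # font-src forgotten

if __name__ == "__main__":
    for name, policy in [("self-only", SELF_ONLY), ("allowlisted", ALLOWLISTED), ("split", SPLIT)]:
        print(name, blocked(policy, RESOURCES, PAGE))
```

The `SPLIT` policy shows the usual follow-up problem when tightening per directive: the stylesheet loads but the icon font still falls back to `default-src` and is refused.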
