Add response headers to flask web app - python

I have a flask web app which uses render_template as follows. I need to add a Content-Security-Policy as an additional HTTP response header in the response. I tried the following two ways, but both fail and give me a 500.
1.
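from flask import Flask, render_template

app = Flask(__name__, template_folder='tmpl')


@app.route('/')
def index():
    """Render index.html and try to attach a Content-Security-Policy header."""
    # As posted, this fails with HTTP 500: make_response is never imported,
    # so the call raises NameError before the header is set.
    resp = make_response(render_template('index.html'))
    resp.headers['Content-Security-Policy'] = "default-src 'self'"
    return resp


if __name__ == '__main__':
    # 0.0.0.0 listens on every interface, not only localhost.
    app.run(host='0.0.0.0', port=3001)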
2.
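@app.route('/')
def index():
    """Second attempt: set the header directly on render_template's result."""
    # As posted, this fails with HTTP 500: render_template() returns a str,
    # and a str has no .headers attribute (AttributeError).
    resp = render_template('index.html')
    resp.headers.add('Content-Security-Policy', "default-src 'self'")
    return resp


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=3001)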
What can be wrong here?
On the terminal i see following when I access the web app as localhost:3001
127.0.0.1 - - [06/Apr/2015 01:45:01] "GET / HTTP/1.1" 500 -

render_template returns a string, not a response. A string returned from a view is automatically wrapped in a response by Flask, which is why you may be confused. Construct the response with the rendered template.
# Fragment: the last three lines belong inside the view function.
from flask import make_response
# render_template() yields a str; make_response() wraps it in a Response object.
r = make_response(render_template('index.html'))
# headers.set() replaces any value already present for this header.
r.headers.set('Content-Security-Policy', "default-src 'self'")
return r

The prettiest way to handle this, assuming that you want the same headers attached to all of your responses, is with Flask's built-in decorator:
@app.after_request
So in this case just add this function to your routes module:
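@app.after_request
def add_security_headers(resp):
    """Set the Content-Security-Policy header on the outgoing response.

    Registered with after_request, so views can keep returning the plain
    render_template(...) value. The assignment overwrites any policy a view
    set on its own response.
    """
    resp.headers['Content-Security-Policy'] = "default-src 'self'"
    return resp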
With this in place your functions just return the render_template(...) value as before and flask automatically wraps it in a response which is passed to the after_request function before being returned to the client.

Related

redirect a POST to GET request

I'm trying to understand what is the best way a POST request can be redirected to a GET request.
for example -
POST /redirect HTTP/1.1
Host: www.example1.com
url=www.example2.com
and i've created the following flask to help me with that :
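from flask import Flask, request, redirect

app = Flask(__name__)


@app.route('/redirect', methods=['POST'])
def redire():
    """Answer a POST to /redirect with a redirect to a fixed URL."""
    # The form value is read but never used; the target below is fixed.
    # Passing raw form input to redirect() instead would be an open redirect,
    # so a caller-supplied target needs an allow-list check first.
    url = request.form['url']
    # 307 tells the client to repeat the request with the same method, which
    # is why the follow-up request is still a POST.
    return redirect('https://www.example2.com', code=307)


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=8888)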
the "issue" in my case, is that the request that is being sent to
https://www.example2.com
is also a POST request which is not what i wanted.
Consider that I don't "care" about the body that needs to be sent to the
https://www.example2.com
endpoint, what is the best way to do so without any user intervention (meaning that I'm aiming for an auto redirect).
Note: I've tried to do it via PHP but I can't seem to figure it out.
Apologies if something is not clear.
In order to redirect a POST request to a GET request, you need to use code=303 because it requires the client to use the GET method to retrieve the requested resource.
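@app.route('/redirect', methods=['POST'])
def redire():
    """Answer a POST to /redirect with a 303 so the client follows up with GET."""
    # Still read only for its side effect: a missing 'url' field yields a 400.
    # The redirect target stays fixed and is never taken from the form.
    url = request.form['url']
    return redirect('https://www.example2.com', code=303)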
the server
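from flask import Flask, redirect

app = Flask(__name__)


@app.route('/redirect', methods=['POST'])
def redire():
    """Redirect a POST to the GET-only /get endpoint."""
    # No code given, so redirect() uses its default of 302.
    return redirect('http://127.0.0.1:8888/get')


@app.route('/get', methods=['GET'])
def iam_get():
    """Return a small JSON body so the client can see the redirect landed."""
    return {"code": "ok"}


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=8888)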
the client
import requests

# Direct GET against the target endpoint.
get_reply = requests.get("http://127.0.0.1:8888/get")
print(get_reply.text)

# POST to the redirecting endpoint; requests follows the redirect and
# prints the body of the final response.
post_reply = requests.post("http://127.0.0.1:8888/redirect")
print(post_reply.text)
the result as follows
{"code":"ok"}
{"code":"ok"}

Python flask url not working for parameters in given in postman

I am trying to create a python flask API for the prediction app in the code there are two functions one is get_location_name which works fine in postman but the other get_estimated_price() is not working.
it is said that I have to give parameters in the body which I have given in the form data. but still facing this issue. I am not able to understand what to do now
below is the code
postman image
error on post
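from flask import Flask, request, jsonify
import util

app = Flask(__name__)


@app.route('/get_location_names')
def get_location_names():
    """Return the known location names as JSON."""
    response = jsonify({
        'locations': util.get_location_names()
    })
    # '*' lets a page from any origin read this response; list the front-end
    # origin instead once the API serves anything non-public.
    response.headers.add('Access-Control-Allow-Origin', '*')
    return response


@app.route('/get_estimated_price', methods=['POST'])
def get_estimated_price():
    """Return a price estimate for the form fields total_sqft, location, bhk, bath.

    The fields are read from request.form, so the client has to send them as
    form data in the POST body. A missing field is answered with 400 by Flask.
    """
    try:
        total_sqft = float(request.form['total_sqft'])
        location = request.form['location']
        bhk = int(request.form['bhk'])
        bath = int(request.form['bath'])
    except ValueError:
        # Non-numeric input is a client error, not a server fault (was a 500).
        return jsonify({'error': 'total_sqft, bhk and bath must be numeric'}), 400

    response = jsonify({
        'estimated_price': util.get_estimated_price(location, total_sqft, bhk, bath)
    })
    # The original sent 'Access-Control-Origin', which is not a CORS header,
    # so browsers ignored it.
    response.headers.add('Access-Control-Allow-Origin', '*')
    return response


if __name__ == "__main__":
    print("starting Python Flask Server for Home Price Prediction....")
    util.load_saved_Artifacts()
    app.run()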
GET request
You have added the params in the body section of the request. Switch to the params tab. When you have successfully added the params they will appear in the URL request.
E.g when adding params correctly,
https://123.12.1/get_price?param1=3&param2=a
Hope this helps.

Python Requests package hits url twice

I am trying to create a synonym list for words by hitting a synonyms api. I am using Flask and the requests package.
I am calling this function only once after grabbing information from a webform via a flask route.
Code:
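import requests
from flask import Flask, request, render_template, flash
import environment

app = Flask(__name__)


@app.route("/", methods=["GET", "POST"])
def index():
    """Show the form; on POST look up synonyms for the submitted keyword."""
    if request.method == "POST":
        keywords = request.form["key1"]
        synonyms = syn_look(keywords)
        return render_template("index.html", syns=synonyms)
    return render_template("index.html")


def syn_look(word):
    """Query the thesaurus API for *word* and print the HTTP status code.

    Returns None as posted, so the template receives syns=None.
    """
    # NOTE(review): the API key is sent in the path of a plain-http URL, and
    # `word` is form input placed into that path unescaped. Percent-encode
    # the word and prefer https if the service offers it.
    URL = "http://words.bighugelabs.com/api/2/%s/%s/json"
    request_url = URL % (environment.thesaurus_api_key, word)
    r = requests.get(request_url)
    # Parenthesised form prints the same on Python 2 and 3.
    print(r.status_code)


if __name__ == "__main__":
    app.debug = False
    app.run()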
The status prints twice
output:
* Restarting with reloader
* Detected change in 'server.py', reloading
* Restarting with reloader
127.0.0.1 - - [10/Jan/2014 17:22:03] "GET / HTTP/1.1" 200 -
200
404
Are you certain you're formatting request_url correctly?
You can see in the GET request, a 404 is printed on the last line. This is the HTTP 404 Error, file not found. I'm betting this is why you see the 'reloading' messages in the console output.

Flask error handling: "Response object is not iterable"

I'm trying to set up a REST web service using Flask. I'm having a problem with the error handling @app.errorhandler(404)
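#!flask/bin/python
from flask import Flask, jsonify, abort

app = Flask(__name__)


@app.errorhandler(404)
def not_found(error):
    """Answer 404s with a JSON body."""
    # Returning a (response, status) tuple from an error handler is what
    # fails on Flask 0.8 with "'Response' object is not iterable"; per the
    # answers below it needs Flask 0.9 or later.
    return jsonify({'error': 'not found'}), 404


if __name__ == '__main__':
    # debug=True enables the interactive debugger; local development only.
    app.run(debug=True)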
When I cURL it, I get nothing. In my debugger, it's telling me I have a TypeError: 'Response' object is not iterable
I used jsonify in another method with a dictionary with no problem, but when I return it as an error, it doesn't work. Any ideas?
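from flask import Flask, jsonify

app = Flask(__name__)


@app.errorhandler(404)
def not_found(error):
    """Answer 404s with a JSON body and the 404 status code."""
    return jsonify({'error': 'not found'}), 404


app.run()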
With code above, curl http://localhost:5000/ give me:
{
"error": "not found"
}
Are you using flask.jsonify?
As mentioned in the comments for the previous answer, that code isn't supported on Flask 0.8, and would require 0.9 or higher. If you need to support Flask 0.8, here is a compatible version that assigns the "status_code" instead:
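@app.errorhandler(404)
def not_found(error):
    """Answer 404s with a JSON body, in a form that also works on Flask 0.8."""
    resp = jsonify({'error': 'not found'})
    # Set the status on the response object instead of returning a tuple.
    resp.status_code = 404
    return resp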

Redirecting to URL in Flask

I'm trying to do the equivalent of Response.redirect as in C# - i.e.: redirect to a specific URL - how do I go about this?
Here is my code:
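import os
from flask import Flask

app = Flask(__name__)


@app.route('/')
def hello():
    """Return a plain greeting; the question asks how to redirect from here."""
    return 'Hello World!'


if __name__ == '__main__':
    # Bind to PORT if defined, otherwise default to 5000.
    port = int(os.environ.get('PORT', 5000))
    app.run(host='0.0.0.0', port=port)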
You have to return a redirect:
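import os
from flask import Flask, redirect

app = Flask(__name__)


@app.route('/')
def hello():
    """Redirect the client to a fixed external URL with a 302."""
    return redirect("http://www.example.com", code=302)


if __name__ == '__main__':
    # Bind to PORT if defined, otherwise default to 5000.
    port = int(os.environ.get('PORT', 5000))
    app.run(host='0.0.0.0', port=port)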
See the documentation on flask docs. The default value for code is 302 so code=302 can be omitted or replaced by other redirect code (one in 301, 302, 303, 305, and 307).
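#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
from flask import Flask, redirect, url_for

app = Flask(__name__)


@app.route('/')
def hello():
    """Redirect to the 'foo' endpoint, resolved by name through url_for."""
    return redirect(url_for('foo'))


@app.route('/foo')
def foo():
    """Target of the redirect."""
    return 'Hello Foo!'


if __name__ == '__main__':
    # Bind to PORT if defined, otherwise default to 5000.
    port = int(os.environ.get('PORT', 5000))
    app.run(host='0.0.0.0', port=port)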
Take a look at the example in the documentation.
From the Flask API Documentation (v. 2.0.x):
flask.redirect(location, code=302, Response=None)
Returns a response object (a WSGI application) that, if called, redirects the client to the target location. Supported codes are 301, 302, 303, 305, and 307. 300 is not supported because it’s not a real redirect and 304 because it’s the answer for a request with defined If-Modified-Since headers.
New in version 0.6: The location can now be a unicode string that is
encoded using the iri_to_uri() function.
Parameters:
location – the location the response should redirect to.
code – the redirect status code. defaults to 302.
Response (class) – a Response class to use when instantiating a response. The default is werkzeug.wrappers.Response if unspecified.
I believe that this question deserves an update. Just compare with other approaches.
Here's how you do redirection (3xx) from one url to another in Flask (0.12.2):
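#!/usr/bin/env python
from flask import Flask, redirect

app = Flask(__name__)


@app.route("/")
def index():
    """Redirect to a path on the same application."""
    return redirect('/you_were_redirected')


@app.route("/you_were_redirected")
def redirected():
    """Target of the redirect."""
    return "You were redirected. Congrats :)!"


if __name__ == "__main__":
    # debug=True turns on the interactive debugger, which runs arbitrary
    # Python for whoever can reach it. Keep it on loopback; the original
    # combined it with host="0.0.0.0". Bind to all interfaces only with
    # debug off.
    app.run(host="127.0.0.1", port=8000, debug=True)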
For other official references, here.
flask.redirect(location, code=302)
Docs can be found here.
Flask includes the redirect function for redirecting to any URL. Furthermore, you can abort a request early with an error code with abort:
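from flask import abort, Flask, redirect, url_for

app = Flask(__name__)


@app.route('/')
def hello():
    """Redirect to the /hello route."""
    # The endpoint name is the view function's name, 'world'. The original
    # url_for('hello') resolves to '/' and would redirect to itself forever.
    return redirect(url_for('world'))


@app.route('/hello')
def world():
    """End the request early with a 401 response."""
    abort(401)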
By default a black and white error page is shown for each error code.
The redirect method takes by default the code 302. A list for http status codes here.
its pretty easy if u just want to redirect to a url without any status codes or anything like that u can simple say
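from flask import Flask, redirect

app = Flask(__name__)


@app.route('/')
def redirect_to_link():
    """Redirect to a fixed external link using the default status code."""
    # NOTE: replace google.com with the link you want.
    return redirect('https://google.com')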
here is the link to the Flask Docs for more explanation
For this you can simply use the redirect function that is included in flask
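from flask import Flask, redirect

app = Flask(__name__)


@app.route('/')
def hello():
    """Redirect to a fixed external URL with an explicit 302."""
    return redirect("https://www.exampleURL.com", code=302)


if __name__ == "__main__":
    app.run()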
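Another useful tip (as you're new to Flask) is to add app.debug = True after initializing the Flask object, as the debugger output helps a lot while figuring out what's wrong. Use it for local development only: the debugger's in-browser console runs arbitrary Python, so debug mode must be off on anything other people can reach.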
There are two ways you can redirect to a URL in Flask.
You want to for example, redirect a user to another route after he or she login, etc.
You might also want to redirect a user to a route that expects some variable, for example: @app.route('/post/<string:post_id>')
Well, to implement flask redirect for case # 1, its simple, just do:
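from flask import Flask, redirect, render_template, url_for

app = Flask(__name__)


@app.route('/login')
def login():
    """Send the user to the dashboard after a successful login."""
    # Placeholder for the real credential check. The original tested
    # `login == True`, which compares this view function with True and is
    # never true.
    credentials_valid = False
    if credentials_valid:
        # url_for() takes the endpoint name (the view function's name) as a
        # string; `app.dashboard` is not an attribute of the Flask app.
        return redirect(url_for('dashboard'))
    print("Login failed !, invalid credentials")
    return render_template('login.html', title="Home Page")


@app.route('/dashboard')
def dashboard():
    """Render the dashboard page."""
    # NOTE(review): nothing here checks that the caller is logged in. The
    # redirect after login does not protect this route; it needs its own check.
    return render_template('dashboard.html', title="Dashboard")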
To implement flask redirect for case #2, do the following
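from flask import Flask, redirect, render_template, url_for

app = Flask(__name__)


@app.route('/home')
def home():
    """Redirect to a post page when a post id is available."""
    # Placeholder: do some logic here, for example look up the post id.
    my_post_id = None
    if my_post_id:
        # post_id is the variable name in the open_post route, so it is
        # passed as post_id=my_post_id. The endpoint is given by name.
        return redirect(url_for('open_post', post_id=my_post_id))
    print("Post you are looking for does not exist")
    return render_template('index.html', title="Home Page")


@app.route('/post/<string:post_id>')
def open_post(post_id):
    """Render the page for one post.

    The view must accept post_id because the route declares it; without the
    parameter Flask raises TypeError when the route is hit.
    """
    return render_template('readPost.html', title="Read Post")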
Same thing can be done in view
Please note: when redirecting, always pass url_for() the endpoint name (the view function's name, such as 'home') instead of using redirect("/home").
The reason is that if you later change the route from "/home" to "/index/page", a hard-coded path will break.
You can use like this:
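import os
from flask import Flask, redirect

app = Flask(__name__)


@app.route('/')
def hello():
    """Redirect to a fixed external URL."""
    # Replace "https://www.google.com" with your own site URL.
    # The original passed code=200 and never imported redirect. 200 is not a
    # redirect status, so clients would not follow the Location header.
    return redirect("https://www.google.com", code=302)


if __name__ == '__main__':
    # Bind to PORT if defined, otherwise default to 5000.
    port = int(os.environ.get('PORT', 5000))
    app.run(host='0.0.0.0', port=port)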
Here is the referenced link to this code.
How to Redirect Users / Requests in Flask
Throwing an Error inside of your API handler function will redirect your user to an error handler, which can handle redirection. Alternatively you can just call redirect like everyone else is saying, but this is another way of redirecting unauthorized users. To demonstrate what I mean, I've provided an example below.
In a case where Users should be Authorized
First lets assume you have a protected route of which you protected like this.
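def handle_api_auth(func):
    """
    **handle_api_auth**
        wrapper to handle public api calls authentications

    Reads the x-api-key and x-secret-token request headers and calls the
    wrapped function only when is_request_valid() accepts them. Otherwise
    raises UnAuthenticatedError, which is left to the app's error handlers.

    :param func: a function to be wrapped
    :return: wrapped function
    """

    @functools.wraps(func)
    def auth_wrapper(*args, **kwargs):
        api_key: Optional[str] = request.headers.get('x-api-key')
        secret_token: Optional[str] = request.headers.get('x-secret-token')
        # NOTE(review): request.base_url is this request's own URL (scheme,
        # host and path), not a bare domain. Confirm that this is what the
        # stored 'domain' value is meant to match.
        domain: Optional[str] = request.base_url
        # Reject missing headers here. Passing None on would make
        # hmac.compare_digest raise TypeError, turning an unauthenticated
        # call into a 500 instead of an auth failure.
        if api_key and secret_token and is_request_valid(
                api_key=api_key, secret=secret_token, domain=domain):
            return func(*args, **kwargs)
        # Raising here hands the request to an error handler, which can
        # answer with an error body or a redirect.
        message: str = "request not authorized"
        raise UnAuthenticatedError(status=error_codes.un_auth_error_code, description=message)

    return auth_wrapper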
Definition of is_request_valid is as follows
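@app_cache.cache.memoize(timeout=15 * 60, cache_none=False)  # timeout equals fifteen minutes // 900 seconds
def is_request_valid(api_key: str, secret: str, domain: str) -> bool:
    """
    **is_request_valid**
        validates api keys on behalf of client api calls

    The result is memoized for 15 minutes, so a key that is deactivated or
    rotated can keep validating until its cached entry expires.

    :param api_key: str -> api_key to check
    :param secret: str -> secret token
    :param domain: str -> domain registered for the api_key and secret_token
    :return: bool -> True if api_key is valid
    """
    # Absent credentials are simply invalid; they must not reach the
    # comparisons below as None.
    if not all(isinstance(value, str) for value in (api_key, secret, domain)):
        return False

    organization_id: str = config_instance.ORGANIZATION_ID
    # NOTE: api_keys_view.get_api_key is assumed to return the stored api key
    # record from a database.
    response = api_keys_view.get_api_key(api_key=api_key, organization_id=organization_id)
    response_data, _status_code = response
    response_dict = response_data.get_json()

    if not response_dict.get('status'):
        return False

    api_instance = response_dict.get('payload')
    if not isinstance(api_instance, dict):
        return False

    domain = domain.lower().strip()
    # Indexing raises KeyError when a field is missing from the record. That
    # is intended: the error goes to an error handler instead of passing as
    # valid. Both sides are compared as bytes because hmac.compare_digest
    # rejects non-ASCII str. Both comparisons always run before they are
    # combined.
    is_secret_valid: bool = hmac.compare_digest(
        api_instance['secret_token'].encode('utf-8'), secret.encode('utf-8'))
    is_domain_valid: bool = hmac.compare_digest(
        api_instance['domain'].encode('utf-8'), domain.encode('utf-8'))
    if not (is_secret_valid and is_domain_valid):
        return False
    return bool(api_instance.get('is_active'))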
Define your Error Handlers like this
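from flask import Blueprint, jsonify, request, redirect
from werkzeug.exceptions import Unauthorized

error_handler = Blueprint('error_handlers', __name__)


@error_handler.app_errorhandler(Unauthorized)
def handle_error(e: Unauthorized):
    """Default unauthorized handler.

    JSON requests get a JSON error body with the exception's status code;
    any other request is redirected to the login page.
    """
    # NOTE(review): the auth wrapper on this page raises UnAuthenticatedError.
    # This handler only sees it if that class derives from Unauthorized
    # (not shown here).
    #
    # The original one-line return bound the conditional to the status code
    # only, so it always returned a (json, ...) tuple and put the redirect
    # response in the status slot for non-JSON requests.
    if request.headers.get('content-type') == 'application/json':
        return jsonify(dict(message=e.description)), e.code
    return redirect('/login')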
Handle other errors the same way, and note that in case the request was
not JSON the user gets redirected to a login page.
If it was JSON, the user gets sent an unauthenticated response, and it is then
up to the front end to handle unauthorized errors.
