What is Flask-Mitten?
Adds security functions to Flask applications for preventing some of the basic threats.
Features
Flask-Mitten helps Flask applications prevent the following threats:
- Clickjacking
- CSRF
- Information disclosure through banner grabbing
- JSON hijacking
- Session fixation
It bundles functions from the following Flask extensions.
For more details, see the implementation.
Usage
Installation
Install the extension with pip:
pip install Flask-Mitten
Configuration
Apply the extension to your app:
from flask import Flask
from flaskext.mitten import Mitten

app = Flask(__name__)
mitten = Mitten(app)
HTTP response headers are overridden to prevent clickjacking and information disclosure through banner grabbing.
If you want to send your own banner instead, set it:
mitten.banner = "My Nice Banner!"
Preventing Session Fixation
After a successful login, call the regenerate method of the session object:
session.regenerate()
The session ID is regenerated, which prevents session fixation: an ID issued before login no longer refers to the authenticated session.
To discard a session (for example on logout), call the destroy method:
session.destroy()
Preventing CSRF
To embed the CSRF token, add the following line to the forms in your template:
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}" />
POST requests are then protected against CSRF automatically.
If you want to exclude a route from CSRF protection, use the csrf_exempt decorator:
@mitten.csrf_exempt
@app.route('/public_api/', methods=['POST'])
def public_api():
    return "result", 200
Preventing JSON Hijacking
If you send a JSON response, use the json decorator to prevent JSON hijacking and the rendering of JSON responses by direct browsing:
from flask import jsonify

@mitten.json
@app.route('/json_api/')
def json_api():
    return jsonify(result='success')
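To make the two session-related checks above concrete, here is an added, self-contained model of what session.regenerate(), session.destroy() and the per-session _csrf_token check do; it is not Flask-Mitten's code, and the names Session, csrf_token, check_post and login_flow are assumptions for this illustration.

```python
# Added illustration (not Flask-Mitten's own code): an in-memory model of
# session ID regeneration and the _csrf_token check described above.
import secrets
import hmac


class Session(dict):
    """Server-side session data addressed by an opaque session ID."""

    def __init__(self, store):
        super().__init__()
        self._store = store
        self.sid = secrets.token_urlsafe(32)
        store[self.sid] = self

    def regenerate(self):
        """Like session.regenerate(): new ID, same data, old ID invalidated.
        An ID handed out before login no longer maps to the logged-in session."""
        old = self.sid
        self.sid = secrets.token_urlsafe(32)
        self._store[self.sid] = self
        del self._store[old]
        return self.sid

    def destroy(self):
        """Like session.destroy(): drop the data and invalidate the ID."""
        self._store.pop(self.sid, None)
        self.clear()


def csrf_token(session):
    """Like the csrf_token() template helper: one random token per session."""
    return session.setdefault("_csrf_token", secrets.token_urlsafe(32))


def check_post(session, form, exempt=False):
    """Accept a POST only if the submitted _csrf_token matches the session's
    token (constant-time compare); csrf_exempt routes skip the check."""
    if exempt:
        return True
    expected = session.get("_csrf_token")
    submitted = form.get("_csrf_token", "")
    return bool(expected) and hmac.compare_digest(expected, submitted)


def login_flow(store):
    """Constructed walk-through: ID before login, login, ID after regenerate."""
    s = Session(store)
    pre_login_sid = s.sid
    s["user"] = "alice"          # constructed sample user
    post_login_sid = s.regenerate()
    return pre_login_sid, post_login_sid, s
```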
More
For more details, see the example app.
Download files
Download the file for your platform.
Filename, size | File type | Python version | Upload date | Hashes
---|---|---|---|---
Flask-Mitten-0.2.1.zip (12.2 kB) | Source | None | | View