A Flask extension to limit access to your routes by using allowed hosts.
Reason this release was yanked:
Security Issues
Project description
Flask Allowed Hosts
Flask Allowed Hosts is a Flask extension that provides host validation for API endpoints. It allows you to enforce that requests are only accepted from specific hosts, providing an additional layer of security for your Flask application.
Installation
Install the package using pip:
pip install flask-allowed-hosts
Getting Started
To limit access to your routes using flask-allowed-hosts:
from flask import Flask, request, jsonify
from flask_allowed_hosts import AllowedHosts
ALLOWED_HOSTS = ["123.123.123.123", "321.321.321.321"]
# Returns a json response if the request IP is not in the allowed hosts
def on_denied():
error = {"error": "Oops! looks like you are not allowed to access this page!"}
return jsonify(error), 403
app = Flask(__name__)
allowed_hosts = AllowedHosts(app, allowed_hosts=ALLOWED_HOSTS, on_denied=on_denied)
@app.route("/", methods=["GET"])
def home_page():
return "Hello World!"
@app.route("/api/greet", methods=["GET"])
@allowed_hosts.limit()
def greet_endpoint():
name = request.args.get("name", "Friend")
greeting = {"greeting": f"Hello There {name}!"}
return jsonify(greeting), 200
@app.route("/api/greet/override", methods=["GET"])
@allowed_hosts.limit(allowed_hosts=["127.0.0.1", "localhost"])
def greet_override_endpoint():
name = request.args.get("name", "Friend")
greeting = {"greeting override": f"Hello There {name}!"}
return jsonify(greeting), 200
if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000, debug=True)
Now only the allowed hosts set in ALLOWED_HOSTS can access the protected endpoint(s). Requests from other hosts will
receive a 403 Forbidden error.
You can check out more examples in the examples directory.
Arguments
-
allowed_hosts: [List[str], str] : Modify this list to include the allowed hosts. The default value is an empty list[], which means requests from all hosts are allowed. -
on_denied: Callable: Modify this function to customize the behavior when a request is denied. The default isNone, which means a 403 Forbidden error is returned.
Contributing
Contributions are welcome! If you have any suggestions, bug reports, or feature requests, please open an issue or submit a pull request.
License
This project is licensed under the [MIT] License - see the LICENSE.md file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file flask_allowed_hosts-1.0.0.tar.gz.
File metadata
- Download URL: flask_allowed_hosts-1.0.0.tar.gz
- Upload date:
- Size: 4.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2b54aee8fb539172d7588ec53e8879c238d730e8b25df3c6b5dde6b980005cd4 |
|
| MD5 | 79b92f55d6480cc0fad9a2e867d4ccc9 |
|
| BLAKE2b-256 | 2dd07d4efedf6bb8065e5729fbda52f0469006a6a743c684ca0876481c5fc1e4 |
File details
Details for the file flask_allowed_hosts-1.0.0-py3-none-any.whl.
File metadata
- Download URL: flask_allowed_hosts-1.0.0-py3-none-any.whl
- Upload date:
- Size: 4.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 637cb937cba6481d9efb3b6a0641fbaa1533e85c9e50d0597e61a063d6d393a1 |
|
| MD5 | 848f19c64a638cb37b3c3b280d845168 |
|
| BLAKE2b-256 | b783d43b57078bd754bb7721d09e698f9b575f9b8c06dd298b93033344d72f77 |
