时间戳

首页 > 解决方案 > Flask-Talisman breaks Flask-Bootstrap

python - Flask-Talisman breaks Flask-Bootstrap

问题描述

I want my website to always redirect to the secure https version of the site, and I'm using flask-talisman to do this. However for some reason adding this seemingly-unrelated line of code is breaking the flask-bootstrap formatting on my website.

This is what the original __init__.py file and website looked like before adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models

enter image description here

And this is what the __init__.py file and website look like after adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_talisman import Talisman
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
Talisman(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models

enter image description here

Changing the order of the lines Bootstrap(app) and Talisman(app) doesn't make any difference either. Any ideas? I want my website to be secure, but not at the cost of breaking all of the formatting.

标签: pythonsslflaskhttpsflask-bootstrap

解决方案

这是一个旧线程,但答案是您需要将允许的站点列入白名单,就像在这个例子中一样(直接来自烧瓶护身符网站):

csp = {
 'default-src': [
        '\'self\'',
        'cdnjs.cloudflare.com'
    ]
}
talisman = Talisman(app, content_security_policy=csp)

推荐阅读