Flask
demortall, 2022-02-14 16:16:29

How to secure a Flask website from attacks?

I have a large Flask project under development, and I would like to know how to better protect it from attacks.
Of course, before that, I looked up the basics on Google and bolted them on:

from flask import Flask, redirect
from flask_wtf.csrf import CSRFProtect

import config  # project module holding the csp string shown at the end

app = Flask(__name__)

app.config.update(
    SECRET_KEY = '0958b57cd3f9d1c3eeca7cc0429a7be4d6bfeb9b',
    SESSION_TYPE = 'filesystem',
    SESSION_COOKIE_SECURE=True,
    SESSION_COOKIE_SAMESITE='Lax',
    REMEMBER_COOKIE_HTTPONLY = True
)

# CSRFProtect(app) already calls init_app(app), so no second call is needed
csrf = CSRFProtect(app)

# async views require Flask installed with the "async" extra
@app.route('/')
@csrf.exempt
async def index():
    return redirect("/auth")

# Attach the security headers to every response
@app.after_request
def add_header(response):
    response.headers['Content-Security-Policy'] = config.csp
    response.headers['X-Content-Type-Options'] = 'nosniff'
    response.headers['X-Frame-Options'] = 'SAMEORIGIN'
    response.headers['X-XSS-Protection'] = '1; mode=block'
    return response

# Referenced above as config.csp
csp = "default-src 'self'; script-src https://use.fontawesome.com https://kit.fontawesome.com https://code.jquery.com https://cdnjs.cloudflare.com 'self'; style-src  *.fontawesome.com 'self'; font-src  data:  *.fontawesome.com 'self';connect-src  *.fontawesome.com 'self';img-src https://cdn.akamai.steamstatic.com https://raw.githubusercontent.com 'self'"


I would like to know what else can be added or improved.
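
An added example, not part of the original post: a standard-library check of the CSP string from the question for directives that do not inherit from default-src and for host sources written without a scheme. The names `parse_csp` and `audit_csp` are hypothetical helpers introduced here.

```python
# Added example, standard library only; not code from the original post.
# CSP string copied verbatim from the question.
CSP = (
    "default-src 'self'; script-src https://use.fontawesome.com "
    "https://kit.fontawesome.com https://code.jquery.com "
    "https://cdnjs.cloudflare.com 'self'; style-src  *.fontawesome.com 'self'; "
    "font-src  data:  *.fontawesome.com 'self';connect-src  *.fontawesome.com 'self';"
    "img-src https://cdn.akamai.steamstatic.com "
    "https://raw.githubusercontent.com 'self'"
)

# These directives never fall back to default-src, so leaving them out
# leaves <base>, form targets and framing unrestricted by the policy.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")
UNSAFE = ("'unsafe-inline'", "'unsafe-eval'", "*")


def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive is
    ignored after its first occurrence, which is how browsers treat it."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_csp(policy):
    """Return a list of (directive, source_or_None, issue) findings."""
    directives = parse_csp(policy)
    findings = [(name, None, "missing; does not inherit from default-src")
                for name in NO_FALLBACK if name not in directives]
    for name, sources in directives.items():
        for src in sources:
            if src in UNSAFE:
                findings.append((name, src, "overly permissive source"))
            elif not src.startswith("'") and "://" not in src and not src.endswith(":"):
                # Host without a scheme, e.g. *.fontawesome.com
                findings.append((name, src, "no scheme; write https:// explicitly"))
    return findings


if __name__ == "__main__":
    for directive, source, issue in audit_csp(CSP):
        print(f"{directive:16} {source or '-':22} {issue}")
```

For the posted policy this reports base-uri, form-action and frame-ancestors as missing, plus the three scheme-less `*.fontawesome.com` entries. `frame-ancestors 'self'` is the CSP counterpart of the `X-Frame-Options: SAMEORIGIN` header the post already sets.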
