烧瓶护符打破烧瓶引导 [英] Flask-Talisman breaks Flask-Bootstrap

问题描述

我希望我的网站始终重定向到该网站的安全https版本，并且我正在使用 flask-talisman 为此.但是由于某种原因，添加此看似无关的代码行会破坏我的 flask-bootstrap 格式网站.

I want my website to always redirect to the secure https version of the site, and I'm using flask-talisman to do this. However for some reason adding this seemingly-unrelated line of code is breaking the flask-bootstrap formatting on my website.

这是添加flask-talisman之前原始的__init__.py文件和网站的外观:

This is what the original __init__.py file and website looked like before adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models

这是添加flask-talisman后__init__.py文件和网站的外观:

And this is what the __init__.py file and website look like after adding flask-talisman:

from flask import Flask
from config import Config
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_talisman import Talisman
from flask_bootstrap import Bootstrap
from flask_heroku import Heroku


app = Flask(__name__)
app.config.from_object(Config)
Bootstrap(app)
Talisman(app)
heroku = Heroku(app)
db = SQLAlchemy(app)
migrate = Migrate(app, db)

from app import routes, models

更改行Bootstrap(app)和Talisman(app)的顺序也没有任何区别.有任何想法吗?我希望自己的网站安全无虞，但不要以破坏所有格式为代价.

Changing the order of the lines Bootstrap(app) and Talisman(app) doesn't make any difference either. Any ideas? I want my website to be secure, but not at the cost of breaking all of the formatting.

推荐答案

这是一个旧线程，但是答案是，您需要将允许的站点列入白名单，如本例所示(直接来自

It's an old thread, but the answer is that you need to whitelist your allowed sites, like in this example (directly from flask-talisman web site):

csp = {
 'default-src': [
        '\'self\'',
        'cdnjs.cloudflare.com'
    ]
}
talisman = Talisman(app, content_security_policy=csp)

这篇关于烧瓶护符打破烧瓶引导的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！