Book Image

Learning Flask Framework

Book Image

Learning Flask Framework

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning Flask Framework
Nov, 2015 | 250 pages
No titles found
Table of Contents (17 chapters)
Learning Flask Framework
Learning Flask Framework
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Creating Your First Flask Application
Creating Your First Flask Application
What is Flask?
Setting up a development environment
Installing Python packages
Creating your first Flask app
Introducing the blog project
Summary
2
Relational Databases with SQLAlchemy
Relational Databases with SQLAlchemy
Why use a relational database?
Introducing SQLAlchemy
Creating the Entry model
Retrieving blog entries
Building a tagging system
Making changes to the schema
Summary
3
Templates and Views
Templates and Views
Introducing Jinja2
Creating a base template for the blog
Creating a URL scheme
Adding pagination links
Enhancing the blog app
Summary
4
Forms and Validation
Forms and Validation
Getting started with WTForms
Using flash messages
Saving and modifying tags on posts
Serving static files
Summary
5
Authenticating Users
Authenticating Users
Creating a user model
Installing Flask-Login
Creating user objects
Login and logout views
Accessing the current user
Restricting access to views
Sessions
Summary
6
Building an Administrative Dashboard
Building an Administrative Dashboard
Installing Flask-Admin
Exposing models through the Admin
Managing static assets via the Admin
Securing the admin website
Reading more
Summary
7
AJAX and RESTful APIs
AJAX and RESTful APIs
Creating a comment model
Installing Flask-Restless
Creating comments using AJAX
Loading comments using AJAX
Reading more
Summary
8
Testing Flask Apps
Testing Flask Apps
Unit testing
Flask and unit testing
Test-friendly configuration
Mocking objects
Logging and error reporting
Read more
Summary
9
Excellent Extensions
Excellent Extensions
SeaSurf and CSRF protection of forms
Creating Atom feeds
Syntax highlighting using Pygments
Simple editing with Markdown
Caching with Flask-Cache and Redis
Creating secure, stable versions of your site by creating static content
Asynchronous tasks with Celery
Creating command line instructions with Flask-script
References
Summary
10
Deploying Your Application
Deploying Your Application
Running Flask with a WSGI server
Securing your site with SSL
Automating deployment using Ansible
Read more
Summary
Index
Index

SeaSurf and CSRF protection of forms

CSRF protection adds security to your site by proving that a POST submission came from your site, and not a carefully crafted web form on another site designed to maliciously exploit the POST endpoints on your blog. These malicious requests can even work around authentication if your browser still considers you logged in.

The way we avoid this is to add a special hidden field to any form on the site that has a value in it, generated by the server. When the form is submitted, the value in the special field can then be checked against the values generated by the server and, if it matches, we can continue with the form submission. If the value does not match or is non-existent, the form has come from an invalid source.

Note

What CSRF protection actually proves is that the template, with the CSRF field in it, was used to generate the form. This mitigates the most basic of CSRF attacks from other sites but isn't conclusive in validating that the form submission...

Previous Section
End of Section 2
Next Section