Posts Tagged: flask
-
Auditing Flask 3.0 Dependencies for OWASP Top 10 Vulnerabilities
Audit Flask 3.0 dependencies for OWASP Top 10 A06 vulnerabilities using pip-audit, poetry audit, and safety CLI. Covers detection, fixes, and CI/CD integration for Werkzeug, Jinja2, and other deps.
-
Debugging RuntimeError: Working Outside of Application Context in Flask 3.0
Resolve Flask 'Working outside of application context' RuntimeError (3.0+): app factories, CLI, tests, extensions. Complete SQLAlchemy examples, pytest, trade-offs.
-
Flask 3.1 to 4.0 Migration Guide: Breaking Changes in Werkzeug 3.0 Routing
Flask 3.1 to 4.0 migration guide: Fix Werkzeug 3.0 routing breaking changes including new state machine router, custom converters part_isolating=False, strict_slashes fixes, SERVER_NAME host_matching, UTF-8 charset removal. Code examples, steps, verification for seamless upgrade.
-
Flask Application Factory Pattern: When to Use create_app() vs Global app Instance
Flask application factory pattern guide: create_app() vs global app instance. Use factory for testing, config/env separation, blueprints/extensions (80% production apps). Global for quick prototypes. Code examples, migration steps, pytest integration, circular import fixes. Flask 3.0+ best practices.
-
Flask Framework Tutorial
Flask tutorial: installation, hello world app, routes, Jinja templates, WTForms, SQLAlchemy ORM, Blueprints, deployment to Heroku/Vercel.
-
Flask-Login Session Fixation Vulnerability: How to Regenerate Session IDs After Login
Flask-Login session fixation vuln: No auto session ID regen post-login → attacker hijacks via pre-auth session fixation (OWASP A5). Fix: session.regenerate() after login_user(). Code, audit, tests. Benchmarks: 0 vuln → secure.
-
Flask-SQLAlchemy 3.1: Migrating from db.Model to Declarative Base Syntax
Migrate your Flask-SQLAlchemy models from legacy db.Model to SQLAlchemy 2.0 declarative base syntax using Mapped and mapped_column. Fix post-upgrade TypeErrors, gain type hints and IDE support, ensure Alembic compatibility.
-
Flask vs FastAPI for Real-Time WebSocket Applications: Latency Benchmarks
Flask vs FastAPI WebSocket benchmarks on Python 3.13 M2 Mac: compare latency and throughput for realtime apps. Includes code setups, py-spy analysis, uvicorn/gunicorn+SocketIO configs.
-
Caching Flask-SQLAlchemy Queries with Redis
Learn how to implement Redis caching for Flask-SQLAlchemy queries to reduce database load and improve response times. This tutorial covers key hashing, TTL management, and invalidation strategies.
-
How to Configure Flask Behind Nginx with X-Forwarded-For Headers for GDPR Logging
Configure Flask behind Nginx to preserve real client IP with X-Forwarded-For headers for GDPR logging. Covers Nginx proxy_set_header, Flask ProxyFix/werkzeug ProxyFix, Gunicorn --forwarded-allow-ips, Docker and Ubuntu setups.
-
How to Fix ImportError: cannot import name 'escape' from 'jinja2' in Flask 2.3
Resolve ImportError: cannot import name 'escape' from 'jinja2' when upgrading to Flask 2.3. Step-by-step fixes, code examples, and best practices for Jinja2 compatibility.
-
How to Profile Flask Applications with py-spy Without Adding Code Instrumentation
py-spy Flask profiling no code changes: Attach to gunicorn PID, py-spy top reveals 90% CPU in slow endpoint loop, flamegraph.svg export. 5x speedup fixes. Benchmarks: 200req/s → 1000req/s.
-
How to Test Flask Endpoints That Require Authentication Without Hitting the Database
Flask auth endpoint testing without DB: Mock Flask-Login user_loader, pytest fixtures for test_client + fake user. Parallel-safe (500 tests/s), zero flakes/DB setup. Full app+tests code.
-
Implementing Content Security Policy (CSP) Headers in Flask to Prevent XSS
Implement CSP headers in Flask using @after_request, nonces, and report-only mode to mitigate XSS risks. Covers directives, common violations, and verification.
-
Migrate from requirements.txt to pyproject.toml: 5-Step Process for Flask Applications
Step-by-step guide to migrate Flask apps from requirements.txt to pyproject.toml using Poetry for reproducible builds, efficient installs, and modern packaging standards.
-
Reducing Flask Application Startup Time from 8 Seconds to 800ms
Flask startup optimization: Diagnose slow imports/extensions with py-spy/cProfile, implement lazy loading, disable debug mode, gunicorn preload/app factory. Benchmarks: 8.2s → 0.82s (90% faster). Fix dev restarts, serverless cold starts, k8s deployments.