not-kennethreitz/flask-sslify
1
0
Fork 0
mirror of https://github.com/not-kennethreitz/flask-sslify.git synced 2026-06-05 06:56:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #21 from mbr/master

Browse Source 
Update README.rst with some notes on security.
This commit is contained in:
Kenneth Reitz
2014-03-03 13:12:24 -05:00
parent 6217898a50 800e250d12
commit c7ae85f2cc
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.rst
+12
View File
@@ -62,3 +62,15 @@ Install
Installation is simple too::
$ pip install Flask-SSLify
Security consideration using basic auth
---------------------------------------
When using basic auth, it is important that the redirect occurs before the user is prompted for
credentials. Flask-SSLify registers a ``before_request`` handler, to make sure this handler gets
executed before credentials are entered it is advisable to not prompt for any authentication
inside a ``before_request`` handler.
The example found at http://flask.pocoo.org/snippets/8/ works nicely, as the view function's
decorator will never have an effect before the ``before_request`` hooks are executed.