Flask is a lightweight Python web framework for building web applications. Flask itself does not add the HTTP security headers that browsers use to restrict what a page may do, so an application has to set them on every response. Flask-Talisman is a Flask extension that does this for you: it adds headers such as Content-Security-Policy and Strict-Transport-Security to each response, redirects plain-HTTP requests to HTTPS and hardens the session cookie, which limits the damage that common web attacks such as cross-site scripting, clickjacking and protocol downgrade can do.
Key Terminologies
The terms used when adding Talisman to an application are as follows:
- HTTP Security Headers: response headers the server sends to the browser that tell it to restrict what the page may do, for example which origins scripts may be loaded from (Content-Security-Policy), whether the site may be framed (X-Frame-Options) or that it must only be reached over HTTPS (Strict-Transport-Security). Because the browser enforces them, they limit the impact of an injection or clickjacking bug in the application.
- Flask: a Python web framework used to develop web applications.
- Talisman: a Flask extension that sets the HTTP security headers on every response of a Flask application, enforces HTTPS and configures the session cookie flags; its behaviour is controlled through keyword arguments passed when it is attached to the app.
Required Modules
pip install Flask
pip install Flask-Talisman
Steps to Create Flask Talisman Application
Step 1: Import Talisman
With both packages installed, import Talisman and attach it to the Flask application. Talisman(app) with no further arguments already applies Talisman's defaults (a restrictive Content-Security-Policy, a redirect from HTTP to HTTPS, Strict-Transport-Security, X-Frame-Options SAMEORIGIN and X-Content-Type-Options nosniff); the next step shows how to adjust them.
Python3
from flask import Flask
from flask_talisman import Talisman

app = Flask(__name__)
talisman = Talisman(app)
Step 2: Configure Talisman
Talisman is configured through the keyword arguments of Talisman(app, ...) (equivalently Talisman().init_app(app, ...)). The session cookie settings among them are written into app.config when the extension is attached, so pass the settings here, replacing the plain Talisman(app) line from step 1, rather than assigning attributes on the object afterwards. The content security policy is given as a dictionary mapping directive names to lists of source expressions. HSTS is not configured with a dictionary: strict_transport_security switches the header on, and strict_transport_security_max_age and strict_transport_security_include_subdomains set its two parameters (assigning a dictionary to strict_transport_security is merely truthy, and its max-age and includeSubDomains values are ignored). The X-XSS-Protection header (x_xss_protection) is a legacy browser filter that current browsers no longer implement, and the CSP covers the same ground, so it is left out.
Python3
# Content Security Policy (CSP): only load resources from our own origin
csp = {
    "default-src": ["'self'"],
}

# Replaces the plain Talisman(app) from step 1
talisman = Talisman(
    app,
    content_security_policy=csp,
    force_https=True,                             # redirect http:// requests to https://
    strict_transport_security=True,               # HTTP Strict Transport Security (HSTS)
    strict_transport_security_max_age=31536000,   # one year, in seconds
    strict_transport_security_include_subdomains=True,
    force_file_save=True,                         # X-Download-Options: noopen
    session_cookie_secure=True,                   # session cookie only sent over HTTPS
    session_cookie_samesite="Lax",                # not sent on cross-site POSTs
)
Step 3: Run the Flask Application
Run the application and inspect the response headers in the browser. The Flask development server speaks plain HTTP, so with force_https=True a request to http://127.0.0.1:5000/ is answered with a 302 redirect to the https:// URL, which nothing is listening on; to see the headers locally, either start the server with a self-signed certificate (app.run(ssl_context="adhoc"), which needs the cryptography package) and accept the browser warning, or temporarily pass force_https=False while developing. In Google Chrome open the Developer Tools, select the Network tab, click the request for / and read the Response Headers: Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options and Referrer-Policy should all be present. Talisman only emits Strict-Transport-Security when it sees the request as HTTPS (request.is_secure, or an X-Forwarded-Proto: https request header). When TLS is terminated at a reverse proxy, make sure the proxy sends that header (or wrap the app in Werkzeug's ProxyFix), otherwise HSTS is silently missing in production.
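The browser check above is manual. The script below, added here as an example and not part of the article or of Flask-Talisman, automates it with the standard library only. audit_headers() takes a mapping of response headers (from http.client against the running server, or from resp.headers of Flask's test client) and returns the list of things that are missing or too weak: no CSP, or a CSP whose default-src or script-src allows 'unsafe-inline' or *; no HSTS, or an HSTS max-age under one year or without includeSubDomains; no clickjacking protection; no nosniff; no Referrer-Policy. The three header sets at the top are constructed samples, not captured output: the headers the configuration on this page is expected to produce on an HTTPS request, a bare Flask app, and a deliberately weak set.

```python
"""Audit the HTTP security headers of a response (added example; standard library only)."""
import http.client
from urllib.parse import urlsplit

ONE_YEAR = 31536000  # seconds; the HSTS max-age used in the article

# Constructed samples, not captured output.
# 1) what the article's configuration should emit on an HTTPS request
SAMPLE_SECURED = {
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Content-Type": "text/html; charset=utf-8",
}
# 2) a bare Flask app without Talisman
SAMPLE_BARE = {"Content-Type": "text/html; charset=utf-8"}
# 3) headers present but too weak to help
SAMPLE_WEAK = {
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
    "Content-Type": "text/html; charset=utf-8",
}


def parse_csp(value):
    """Map each CSP directive name to its list of source expressions."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def parse_hsts(value):
    """Return (max_age, include_subdomains) parsed from an HSTS header value."""
    max_age, include_sub = None, False
    for token in value.split(";"):
        token = token.strip().lower()
        if token.startswith("max-age="):
            max_age = int(token.split("=", 1)[1])
        elif token == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def audit_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    csp = h.get("content-security-policy")
    policy = parse_csp(csp) if csp else {}
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "default-src" not in policy:
        findings.append("CSP has no default-src fallback")
    for directive in ("default-src", "script-src"):
        sources = policy.get(directive, [])
        if "'unsafe-inline'" in sources or "*" in sources:
            findings.append(f"CSP {directive} allows 'unsafe-inline' or *")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        max_age, include_sub = parse_hsts(hsts)
        if max_age is None or max_age < ONE_YEAR:
            findings.append(f"HSTS max-age {max_age} is below one year")
        if not include_sub:
            findings.append("HSTS lacks includeSubDomains")

    framing_ok = h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")
    if not framing_ok and "frame-ancestors" not in policy:
        findings.append("no clickjacking protection (X-Frame-Options or frame-ancestors)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if "referrer-policy" not in h:
        findings.append("missing Referrer-Policy")
    return findings


def fetch_headers(url, timeout=5):
    """GET a URL and return (status, headers) so a live server can be audited."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:  # e.g. python audit_headers.py https://example.test/
        status, hdrs = fetch_headers(sys.argv[1])
        print(status, audit_headers(hdrs) or "all checks passed")
    else:
        for name, sample in (("secured", SAMPLE_SECURED), ("bare", SAMPLE_BARE), ("weak", SAMPLE_WEAK)):
            print(name, audit_headers(sample) or "all checks passed")
```

Run it with no argument to audit the three samples, or with a URL to audit a running server (a self-signed development certificate fails verification in HTTPSConnection; for that case construct the connection with context=ssl._create_unverified_context()). Because Talisman adds Strict-Transport-Security only to responses it considers HTTPS, fetching the app through a TLS-terminating proxy that does not forward X-Forwarded-Proto is reported as missing HSTS, which is exactly the deployment mistake this check is meant to catch.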
Complete Code :
Python3
from flask import Flask
from flask_talisman import Talisman

app = Flask(__name__)

# Content Security Policy (CSP): only load resources from our own origin
csp = {
    "default-src": ["'self'"],
}

# All settings are passed when the extension is attached to the app;
# HSTS is configured with three separate arguments, not a dictionary.
talisman = Talisman(
    app,
    content_security_policy=csp,
    force_https=True,                             # redirect http:// requests to https://
    strict_transport_security=True,               # HTTP Strict Transport Security (HSTS)
    strict_transport_security_max_age=31536000,   # one year, in seconds
    strict_transport_security_include_subdomains=True,
    force_file_save=True,                         # X-Download-Options: noopen
    session_cookie_secure=True,                   # session cookie only sent over HTTPS
    session_cookie_samesite="Lax",                # not sent on cross-site POSTs
)


@app.route("/")
def index():
    return "Hello, World!"


if __name__ == "__main__":
    # The dev server must speak HTTPS, or force_https redirects every request
    # to an https:// URL nobody serves; "adhoc" generates a self-signed
    # certificate (requires the cryptography package).
    app.run(ssl_context="adhoc")
Output :