Giters

chriswilson1982 / flask-mongo-app

This is a template for a web app using Flask and MongoDB. It uses Flask-Login for authentication, Flask-Pymongo for the database connection, Flask-Bcrypt for password hashing and Flask-Talisman for security. The front-end uses Bootstrap and Font Awesome. The app features user verification by email, basic note recording and messaging between users.

Home Page:https://demo.chriswilson.app

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

login/logout breaks with flask debugs disabled

iskobkarev opened this issue · comments

commented

Hello, Chris

I've been playing with this template of yours and it is quite well written and works very well.
One issue was discovered though.

Apparently, once debug is disabled (or if the script is used with waitress):
app.run(host='0.0.0.0', port=8080, debug=False)
and redirects to https are also disabled to make it work around that forced https redirect:
talisman = Talisman(app, content_security_policy=csp, force_https=False)

then the login/logout functionality breaks completely. There is no errors, and nothing in the logs. If you were logged in before disabling debugs the logout is not possible. Otherwise the login fails but not due to password error. It just does not go to the target ("next") page and stays on the same login page.

Any advise is appreciated, these two steps above reliable reproduce the issue with your app template

Thanks

Igor

commented

One more thing.
Enabling ssl under flask app makes everything work.