Locally, add any names that should route to the app to your Not allow setting cookies for domains without a dot. If set, will be used for the session cookie domain if Inform the application what host and port it is bound to. Get_send_file_max_age() on the application or blueprint.ĭefault: timedelta(hours=12) ( 43200 seconds) SERVER_NAME ¶ Override this value on a per-file basis using Can either be a datetime.timedelta or an int. When serving files, set the cache control max age to this number of This only makes sense when using such a server.ĭefault: False SEND_FILE_MAX_AGE_DEFAULT ¶ Some web servers, such as Apache, recognize this and serve When serving files, set the X-Sendfile header instead of serving theĭata with Flask. Sending the cookie every time (the default)Ĭan more reliably keep the session from expiring, but uses more bandwidth. Can either be aįlask’s default cookie implementation validates that the cryptographicĭefault: timedelta(days=31) ( 2678400 seconds) SESSION_REFRESH_EACH_REQUEST ¶Ĭontrol whether the cookie is sent with every response when If session.permanent is true, the cookie’s expiration will be set this Canīe set to 'Lax' (recommended) or 'Strict'. Restrict how cookies are sent with requests from external sites. The application must be served over HTTPS for this to make Will be valid underneath APPLICATION_ROOT or / if that is not set.īrowsers will not allow JavaScript access to cookies marked as “HTTP only”īrowsers will only send cookies with requests over HTTPS if the cookie is The path that the session cookie will be valid for. If False, the cookie’s domain will not be set. Set, the cookie will be valid for all subdomains of SERVER_NAME. The domain match rule that the session cookie will be valid for. Can be changed in case you already have aĭefault: 'session' SESSION_COOKIE_DOMAIN ¶ $ python -c 'import os print(os.urandom(16))'ĭo not reveal the secret key when posting questions or committing code. For example, copy the output of this to your config: It should be a long random string of bytes, although unicode IfĪ secret key that will be used for securely signing the session cookieĪnd can be used for any other security related needs by extensions or yourĪpplication. This is a more specific version of TRAP_HTTP_EXCEPTIONS. The error as an unhandled exception instead so that you get the interactiveĭebugger. Trying to access a key that doesn’t exist from request dicts like argsĪnd form will return a 400 Bad Request error page. To be handled by the interactive debugger instead of returning it as a If there is no handler for an HTTPException-type exception, re-raise it Request data on errors, and should normally not need to be set directly. If not set, this is implicitly true if TESTING or DEBUGĭefault: None PRESERVE_CONTEXT_ON_EXCEPTION ¶ĭon’t pop the request context when an exception occurs. You should enable this in your own tests.Įxceptions are re-raised rather than being handled by the app’s error Extensions may also change their behavior toįacilitate easier testing. Exceptions are propagated rather than handled by the May not behave as expected if set in code.ĭo not enable debug mode when deploying in production.ĭefault: True if ENV is 'development', or FalseĮnable testing mode. This is enabled when ENV is 'development'Īnd is overridden by the FLASK_DEBUG environment variable. The debug attribute maps to thisĬonfig key. Unhandled exceptions, and the server will be reloaded when codeĬhanges. When using flask run to start theĭevelopment server, an interactive debugger will be shown for
0 kommentar(er)
