pallets / flask Goto Github PK

Here's what fails http://paste.pocoo.org/show/202792/

The Flash section of the docs should at least mention that app.secret is required but I'm not sure that's enough.

One idea would be to require secret_key to be explicitly set and fail to run if it isn't.
For folks that don't need sessions they could pass a message to that effect to run().
My guess is session/flash will be used by more apps than not.

Use SQLAlchemy in the core framework as an ORM

Filters/session CSRF checking could be added to Flask, or otherwise common patterns added to documentation (see Django CSRF protection for example - http://docs.djangoproject.com/en/dev/ref/contrib/csrf/)

For the interactive Python shell, the test_request_function should be invokable to bind the context to the end of the session for easier testing. Something like this:

>>> from yourapplication import app
>>> app.test_request_context().bind()
>>> from flask import request
>>> request.path
u'/'

Or something similar.

flask / docs / patterns / fileuploads.rst

In the HTML snipets, the

is not closed (there should be a

Thanks to for reporting on irc.
I searched through the rest of the docs and don't see any other occurrences.
I made the change in my fork...

Causes a lot of troubles for applications that have circular dependencies. It also requires that the whole application is imported when the system initializes or certain URLs will not be available right away.

There was a length discussion on #pocoo about the redirection behaviour of Werkzeug today. As a result of that discussion I think it should be explained in detail in the documentation.

The module branch support variable modules. Something like this:

wiki = Module(__name__, url_prefix='/<user>')

Then each function registered is passed 'user' as first parameter. This already works as far as I can see, however it would be better if that value can be attached to g instead. What should work (not tested) is this:

@wiki.before_request
def attach_user():
    g.wiki_user = request.view_args.pop('user', None)

The problem with this is that URLs generated still need that user attached, so url_for needs some kind of support for that. However I am not entirely sure how that should look like.

There is open_resource, but sometimes one does not need an open file but the filename.

I've thought of something like this: http://paste.pocoo.org/show/217837/

The documentation should do a better job at explaining how single modules could be deployed.

There should be a @context_processor decorator for modules, so that a processor can be added on a per-module basis, in the same way as @before_request. A processor function defined this way would only be executed in the module space.

[from the mailinglist]

I found some minor typos throughout docs, which I fixed in [email protected]

It's quite difficult at the moment to set the expiry date for the session. Ideally something like this could work (although it might require subclassing SecureCookie):

if request.form.get('remember_me', False):
    session.expires = timedelta(days=30)

Documentation should contain some infos about how to generate secret keys.

Doing POST to view method which doesn't invoke flask.request.form results to „Unable to Connect“ on WebKit based browsers (Epiphany, Midori). Firefox is working.

Hello,

it would be nice to have a decorator to define a function as a jinja filter instead of adding the function to
app.jinja_env.filters

thanx

There is a variable missing in the docstring (and thus in the documentation) in app.errorhandler.
http://github.com/mitsuhiko/flask/blob/master/flask.py#L998

Right now the mailinglist does not wrap mails if the client did not wrap them in advance. Looks bad: http://flask.pocoo.org/mailinglist/archive/2010/5/5/ann-garter-a-library-of-useful-flask-related-functions/

Right now the docs to not mention that url_for can generate query arguments as well. That should be fixed.

on this page:
http://flask.pocoo.org/docs/patterns/distribute/

the "package" link of this sentence is 404:
In this case we assume your application is called yourapplication.py and you are not using a module, but a package.

For GAE and some other envs it makes sense not to use decorators but lazily load functions based on name instead. This should be documented as pattern.

It might be useful to have examples in the docs on how to integrate werkzeug.script with Flask, in particular shell and runserver:

http://werkzeug.pocoo.org/documentation/dev/script.html

Not a big deal but I think pre_request and post_request have better symmetry than init and shutdown.

Right now Flask does not support GAE, that should be fixed. Switch to FileSystemLoader and CWD usage if GAE is detected, stick to pkg_resources otherwise for better portability.

This makes it more to type (because you now have something to pass around) but it makes it a whole lot easier to debug hairy situations and to test the code.

Common problem that breaks on mod_wsgi and other deployments.

Hi there,

I was reading through the documentation in the tutorial, and I think it may be beneficial to a lot of users (like myself) who develop on remote servers to include information about the optional host parameter in app.run():

app.run(host='your public ip')

It is listed on Application Setup Code at the bottom, but since the first page, 'Quickstart' demos an application, I think it should be included there (or at least linked).

add_url_rule should accept an optional view function. Currently you need to do two steps to associate a rule, endpoint and view_function.

This issue is suggesting that it should only take one step. Replace add_url_rule(self, rule, endpoint, *_options) with add_url_rule(self, rule, endpoint, view_func=None, *_options)

Snippets are placed in the public domain when posted, but this is not reflected when snippets are viewed. Additionally, the whole display (code, comments, style and all) is currently reported as copyright Armin, with all rights implicitly reserved.

It makes a lot of sense to change the way endpoints (the names of the functions / URL rules) are handled to also take the module name into account. Right now the function name is the URL name, but imagine you have a large applications consisting of multiple components. In that case, it makes a lot of sense to use dotted names for the URL endpoints.

Documentation should show how a typical setup.py with distribute looks like and how it can be used to deploy code.

Can we get the docs updated to include an example to access session object while unit testing.

Here is a potential solution, using unittest for flaskr

def test_session(self):
    with flaskr.app.test_request_context('/login', method='POST', data=dict(
                    username=flaskr.USERNAME, password=flaskr.PASSWORD,)):
        rv = flaskr.app.dispatch_request()
        assert flaskr.session['logged_in'] == True

    with flaskr.app.test_request_context('/login', method='POST', data=dict(
                    username=flaskr.USERNAME+'x', password=flaskr.PASSWORD+'x',)):
        rv = flaskr.app.dispatch_request()
        assert not flaskr.session.get('logged_in')

it would be nice if there was a way to generate extra data before dispatching to a module

something like this (bad example to get the idea across)

@app.route('//wiki', module=vcswiki)
def user_wiki(username):
    g.wiki = get_wiki_for_user(username)

@app.route('/help', module=vcswiki)
def help_wiki():
    g.wiki = get_help_wiki()

Apps should have some kind of config dict attached. That would make it a lot cleaner to deal with configuration values.

Make endpoint an option in the @route decorator. By default it would still use the function name. This would allow more flexibility in larger applications:

def route(self, rule, **options):
    def decorator(f):
        endpoint = options.pop('endpoint', f.__name__)
        self.add_url_rule(rule, endpoint, **options)
        return f
    return decorator

The following example (taken from the documentation, simplified) fails to work correctly.
The index() function is registered at / instead of /admin.

myapp/init.py:
from flask import Flask
from myapp.admin import admin
app = Flask(name)
app.register_module(admin, url_prefix='/admin')

myapp/admin.py
from flask import Module
admin = Module(name)
@admin.route('/')
def index():
return 'This should be at /admin'

_RequestContext binds the url_map without setting server_name, so it is impossible to make apps that serve dynamic subdomains. server_name should be an optional configuration.

environ = create_environ(path='/', base_url='http://www.test.com')
url_adapter = url_map.bind_to_environ(environ, server_name='test.com')
endpoint, kwargs = url_adapter.match('/')
assert endpoint == 'test'
assert 'subdomain' in kwargs
assert kwargs['subdomain'] == 'www'

environ = create_environ(path='/', base_url='http://foo.test.com')
url_adapter = url_map.bind_to_environ(environ, server_name='test.com')
endpoint, kwargs = url_adapter.match('/')
assert endpoint == 'test'
assert 'subdomain' in kwargs
assert kwargs['subdomain'] == 'foo'

Some day, it should be added to the list of Werkzeug-based frameworks :
http://dev.pocoo.org/projects/werkzeug/wiki/WerkzeugBasedFrameworks
(and Denied, too?)

And maybe on the http://dev.pocoo.org/ page too.

After the first release, probably.

In section 'The Request Object' is a typo when doing route definition.
...
@app.route('/login', method=['POST', 'GET'])
def login():
...

the keyword argument should be 'methods' not 'method'.

Just wanted to let you know that layout.html is missing some closing tags

The sentence that reads

Now that you have finished the application and everything works as expected, it’s probably not the best idea to add automated tests to simplify modifications in the future.

Should probably read

Now that you have finished the application and everything works as expected, it’s probably a good idea to add automated tests to simplify modifications in the future.

What would it take to get Flask up and running with Python 3? I heard you got Jinja2 up and running on py3k but I am less sure about Werkzeug and the WSGI spec in general for Python 3. Have you put any thought into it or had any luck trying to accomplish it?

In debug mode the request context should stick around on an exception so that the request object is still valid in the debugger.

These two have to be reversed in the API docs.

The new signature for flash() should look like this in 0.5:

def flash(message, category='message'):
    ...

The method to fetch messages then will also accept a parameter that allows pulling as tuples with the category as well:

def get_flashed_messages(with_categories=False):
    ...

If invoked with that parameter set to False (which is the default) just the strings are returned, otherwise tuples in the form (category, message).

Fixed it by adding the session_expires=None to the end of this method call:

def save_session(self, session, response):
expires = None
if session.permanent:
expires = datetime.utcnow() + self.permanent_session_lifetime
session.save_cookie(response, self.session_cookie_name,
expires=expires, httponly=True, session_expires=None) <== only change

http://babel.edgewall.org

They should fail with an explicit error instead especially because the current behavior is just plain wrong.

Should be added :)