AttributeError: frame_options #22
Comments
|
That's pretty wild. What is your wsgi server setup? |
|
We do not use wsgi server on our application as far as i know. Here is our run code |
|
It seems |
These are our requirements for the project. Is this a library version problem? Should we upgrade/downgrade anything flask related? |
|
I think it's a race condition / non-thread safe issue. Not 100% sure why it's occurring though. |
|
Same happened here with gunicorn Python 3.6.4 # coding: utf-8
'Gunicorn configuration'
import os
# See http://docs.gunicorn.org/en/latest/settings.html
threads = 1
workers = os.environ.get('WEB_CONCURRENCY', 2)
reload = os.environ['ENV'] == 'development'
preload_app = TrueAlso tried without app preloading just to try. FYI it doesn't happen when Flask is in debug mode using |
|
Thanks, @rhymes that certainly seems like a race condition. Pull requests welcome, as I'm unsure when I'll be able to personally take a look at this. |
|
fixed this temporarily by adding these 3 lines in talisman.py policy = self.local_options.content_security_policyby; try:
policy = self.local_options.content_security_policy
except Exception as e:
policy = {
'default-src': '\'self\'',
'img-src': '\'self\' data:',
'font-src' : '*'
}if not self.local_options.content_security_policy:by; try:
if not self.local_options.content_security_policy:
return
except Exception as e:
passheaders['X-Frame-Options'] = self.local_options.frame_optionsby; try:
headers['X-Frame-Options'] = self.local_options.frame_options
except Exception as e:
headers['X-Frame-Options'] = "SAMEORIGIN"
try:
if self.local_options.frame_options == ALLOW_FROM:
headers['X-Frame-Options'] += " {}".format(
self.local_options.frame_options_allow_from)
except Exception as e:
passhope this helps for someone till @jonparrott will solve the issue. Regards, Zeynep |
|
@davidism would you happen to have any ideas why this might be occurring? Talisman sets local frame options in |
|
I've been following this, I'll try to look at it when I have time, maybe this weekend. |
|
I'm not able to reproduce this. I've tried making a ton of concurrent requests to the dev server, Gunicorn, and Meinheld with no errors. Is there a full example I can use that reproduces this? |
|
@davidism I'm able to reproduce it in my local environment, just running the local server with "flask run". Here my pip list: |
|
Unfortunately, that list won't help me reproduce this. Starting from scratch, what is the smallest program and set of steps I need to take to see this? |
|
@davidism for me to reproduce, i just wrote the sample code and talisman is ALWAYS giving the frame_options error. maybe it'll help you. in app.py __all__ = ['create_app']def create_app(config=None, app_name=None, blueprints=None):
app = Flask(app_name)
configure_app(app, config)
configure_hook(app)
csp = {
'default-src': '\'self\'',
'img-src': '\'self\' data:',
'media-src': [
'*',
],
'style-src': '\'unsafe-inline\' \'self\'',
'script-src': '\'unsafe-inline\' \'self\'',
'font-src' : '*'
}
Talisman(app, content_security_policy=csp)
return appdef configure_hook(app):
@app.before_request
def set_unique_token():
token = session.get('unique_token', None)
if token is None:
session['unique_token'] = uuid1()
if not current_user.is_authenticated:
return redirect("/")when I deleted the line if not current_user.is_authenticated:
return redirect("/")it is hard to reproduce the error but when I wrote that 2 lines it is ALWAYS giving the error and the UI is not working. by reproducing the error with these 2 lines, I wrote my config in talisman.py (referring to my post on Apr 24). It does not give any error anymore. |
|
I am running into this bug in my own code base. I trimmed down my code base to a fairly minimal example that always produces this error. The code is in a file called server.py I run this with the command I get the error when I run the following command: It is worth noting that moving the line |
|
I believe the issue is that an exception being thrown in an In Flask-Talisman, we use Since |
|
I am not sure what the correct solution is to this issue. Here are some ideas:
I will open an issue on Flask's repo to discuss whether or not Flask should continue running |
|
As a hacky workaround, I am adding Flask-Talisman before calling |
|
This needs to be fixed here, not in Flask. In general, I don't consider it a hack to configure extensions first, since it's reasonable to assume later handers require them to have run. Order matters. |
|
Also, thanks to both the examples, it really helped narrow this down. |
|
@skylerberg this did not work for me or could you please write down your piece of code here so that I can see what I am missing? thanx |
|
Thanks, everyone for figuring out why this is occurring. I'm going to try to fix today. :) |
|
I've uploaded 0.5.1 to PyPI which (hopefully) fixes this. Thanks everyone for helping me figure it out, and apologies that it took so long to fix! |
Hello,
We have a Flask app with Talisman and we initialize the app by default values:
But sometimes, we are not sure why, it's hard to reproduce we have the following error and stacktrace :asd
Can you help why this happens and why it happens at seemingly random times?
Talisman version is 0.4.1
Thanks in advance!
The text was updated successfully, but these errors were encountered: