disabled hsts header in flask-talisman

Currently we set two HSTS headers. One in `flask-talisman` and one in our nginx configuration. This is bad, mhhhhkaaaaay. So let's disable our hsts header in `flask-talisman` and let's nginx do its job. Signed-off-by: Christian Rebischke <chris@nullday.de>
archlinux · Feb 27, 2019 · 5c8fdd9 · 5c8fdd9
1 parent 17530ac
commit 5c8fdd9
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/config.py b/config.py
@@ -55,6 +55,7 @@ def set_debug_flag(debug):
 FLASK_PORT = config_flask.getint('port')
 FLASK_SESSION_PROTECTION = None if 'none' == config_flask['session_protection'] else config_flask['session_protection']
 set_debug_flag(config_flask.getboolean('debug'))
+FLASK_STRICT_TRANSPORT_SECURITY = config_flask.getboolean('strict_transport_security')
 
 config_pacman = config['pacman']
 PACMAN_HANDLE_CACHE_TIME = config_pacman.getint('handle_cache_time')
diff --git a/config/00-default.conf b/config/00-default.conf
@@ -18,6 +18,7 @@ debug = off
 secret_key = changeme_iddqd
 csrf = on
 session_protection  = strong
+strict_transport_security = off
 
 [sqlalchemy]
 echo = no

diff --git a/tracker/__init__.py b/tracker/__init__.py
@@ -12,6 +12,7 @@
 from werkzeug.routing import BaseConverter
 
 from config import FLASK_SESSION_PROTECTION
+from config import FLASK_STRICT_TRANSPORT_SECURITY
 from config import SQLALCHEMY_MIGRATE_REPO
 from config import SQLITE_CACHE_SIZE
 from config import SQLITE_JOURNAL_MODE
@@ -75,7 +76,7 @@ def db_get_or_create(self, model, defaults=None, **kwargs):
 db.get_or_create = MethodType(db_get_or_create, db)
 
 migrate = Migrate(db=db, directory=SQLALCHEMY_MIGRATE_REPO)
-talisman = Talisman()
+talisman = Talisman(strict_transport_security=FLASK_STRICT_TRANSPORT_SECURITY)
 login_manager = LoginManager()
 tracker = Blueprint('tracker', __name__)