Skip to content
Force SSL on your Flask app.
Branch: master
Clone or download
Pull request Compare This branch is 62 commits behind not-kennethreitz:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



This is a simple Flask extension that configures your Flask application to redirect all incoming requests to HTTPS.

Redirects only occur when app.debug is False.


Usage is pretty simple:

from flask import Flask
from flask_sslify import SSLify

app = Flask(__name__)
sslify = SSLify(app)

If you make an HTTP request, it will automatically redirect:

$ curl -I
HTTP/1.1 302 FOUND
Content-length: 281
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Apr 2012 21:39:36 GMT
Server: gunicorn/0.14.2
Strict-Transport-Security: max-age=31536000
Connection: keep-alive

HTTP Strict Transport Security

Flask-SSLify also provides your application with an HSTS policy.

By default, HSTS is set for on year (31536000 seconds).

You can change the duration by passing the age parameter:

sslify = SSLify(app, age=300)

If you'd like to include subdomains in your HSTS policy, set the subdomains parameter:

sslify = SSLify(app, subdomains=True)


Installation is simple too:

$ pip install Flask-SSLify
You can’t perform that action at this time.