Definition of Flask HTTPS
Flask HTTPS is defined as a concept that allows developers to develop Flask applications and deploy them for production use through HTTPS, which are complaint to encrypted connections thus providing extra security. HTTPS is an extension of age-old HTTP (HyperText Transfer Protocol) and uses a layer of SSL (Secure Socket Layer). HTTPS receives and transmits data in a secured manner and doesn’t leave room of people to eavesdrop on the data that is being transferred. Next time you are out there looking at the website address bar, keep an eye on the start of the address, and you would see HTTPS for most of the website that is secured! In case not, watch out for any data you share there as it might be prone to attack.
Syntax:
In the section of syntax, we will look at different syntaxes in the purview of Flask HTTPS which are essential for us to glimpse through as this will enable us to know and map the corresponding syntax to the working so that learning the working will be more practical. So, here we go with the syntaxes in HTTPS:
Installing additional dependency for using adhoc certificates:
pip install pyopenssl
Including adhoc SSL certificate in the app.run() call using ssl_context:
from flask import Flask
appFlask = Flask(__name__)
<… Set of codes for endpoints>
if __name__ == "__main__":
app.run(ssl_context='adhoc')
Including adhoc SSL certificate through command line interface
flask run --cert=adhoc
Including self-signed SSL certificate in the app.run() call using ssl_context:
from flask import Flask
appFlask = Flask(__name__)
<… Set of codes for endpoints>
if __name__ == "__main__":
app.run(ssl_context=(<certificate file>, <key file>))
Including adhoc SSL certificate through command line interface
flask run --cert=<certificate file> --key=<key file>
How does HTTPS work in Flask?
Before understanding HTTPS working specifically for Flask application it is more important to understand the working of HTTPS. For that, we would first need to understand the base system’s security functionality (HTTP) and we would do that in brief as it will ease up the understanding of HTTPS. The implementation of the functionality of encryption and security is done through Transport Layer Security (TLS) which is a standard way of securing any communication space and make sure that the communication is free from any compromises.
Since this article is not an expert article on security, hence we will refrain from detailing HTTPS or HTTP any further and restrict our discussion of working of HTTPS with an intention of building a secure and encrypted Flask server. In a Flask application, there is a connection that is established between the server and the client. During this establishment of connection, the client requests an encrypted connection. To the request, the server replies with a SSL Certificate. This certificate comprises details that can identify the server, as the details are server name and domain. The signature on the certificate is encrypted through cryptography methods by a certificate authority. Now in order to ensure that the information supplied by the server is correct, the certificate authority from the server should fall under the trusted certificates present with the client. Post the confirmation of the signature and that it indeed comes from a trusted entity it is certain that the server that is connected to the client is a legitimate one.
Now post verification of the certificate, an encryption key is created that is used for the communication with the server. In order to keep the transfer of the key secure, the key is encrypted using the public key available in the server certificate. With the server, the private key is present that complements the public key and is the only part that has the capability to decrypt the secure package sent from the client. With this, we are able to complete the full cycle of encryption which start as soon as the encryption key is received and all traffic packages are encrypted with the particular key which only the client and the server has knowledge about.
Thus, we can now know that the TLS encryption implementation would require these 2 items, namely server certificate that includes the public key for encryption, and the other being the private key that complements the private key for decryption. In a Flask application, there are two ways through which we can build the Flask application and launch it through HTTPS. One of the methods is using ssl_context in the main() section of the code, and the other is through the command-line interface using the –cert option. In our examples, we will look at 2 different certificates, i.e. adhoc which are on the fly certificates created by pyopenssl and since every time a different certificate is generated, it is difficult to ascertain which one to trust. By using the self-signed one we can get rid of any security warnings that might pop up.
It’s now time for us to look at the implementation of HTTPS in a Flask application!
Examples
Now that we know of the two ways of implementing HTTPS, so here in this section, we will look at both the options individually in their respective examples. Also, in order to not use adhoc certificates, we will also learn on how we can use a self-signed certificate!
Example #1
Installing additional dependency for using adhoc certificates.
Syntax:
pip install pyopenssl
Output:
Example #2
Including adhoc SSL certificate in the app.run() call using ssl_context.
Syntax:
from flask import Flask
appFlask = Flask(__name__)
@appFlask.route('/home')
def home():
return "We are learning HTTPS @ EduCBA"
if __name__ == "__main__":
appFlask.run(ssl_context='adhoc')
Output:
Example #3
Including adhoc SSL certificate through command-line interface
Syntax:
Code:
from flask import Flask
appFlask = Flask(__name__)
@appFlask.route('/home')
def home():
return "We are learning HTTPS @ EduCBA"
if __name__ == "__main__":
appFlask.run()
Command Line:
flask run --cert=adhoc
Output:
Example #4
Including self-signed SSL certificate in the app.run() call using ssl_context
Syntax:
from flask import Flask
appFlask = Flask(__name__)
@appFlask.route('/home')
def home():
return "We are learning HTTPS @ EduCBA"
if __name__ == "__main__":
appFlask.run(ssl_context=('eduCBAcert.pem', 'eduCBAkey.pem'))
Output:
Conclusion
In this article, we have got to know about details of how HTTPS works in Flask application and knowing the full cycle of process of HTTPS. The last syntax of using certificate and key through command line is left to the readers for experiment and learn!
Recommended Articles
This is a guide to Flask HTTPS. Here we discuss the definition, How does HTTPS work in Flask with Examples? examples with code implementation respectively. You may also have a look at the following articles to learn more –