From HTTP to HTTPS — Easily Secure Flask Web Apps With Talisman
Leveraging Python’s Talisman library to set up HTTPS redirection and security headers for enhanced web application security

After deploying your Python project (e.g., an ML model or a website) as a Flask web app on a platform like Heroku, you may notice that it still loads over a plain HTTP connection even though an SSL/TLS certificate is already configured. This happens because the platform's router terminates TLS and accepts both http:// and https:// requests; unless the app itself redirects, a visitor who types the bare hostname is served over HTTP.
Such unencrypted requests are a real security concern: anyone on the network path (a public Wi-Fi operator, a compromised router, an ISP) can read or modify the traffic between client and server, including session cookies and submitted form data.
This article explores using the Talisman library to redirect all incoming app requests to HTTPS instead of HTTP.
Table of Contents
(1) About HTTPS
(2) What is Talisman?
(3) Basic Usage
(4) Advanced Options
About HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is HTTP carried over the SSL/TLS protocol (TLS being the modern successor to SSL), which adds encryption, server authentication, and integrity protection to the connection.
HTTPS makes it possible for sensitive data like credit card numbers and login credentials to be transmitted securely over the internet. As such, HTTPS is fast becoming the standard protocol for all websites, whether or not they involve the exchange of sensitive data.
For example, Google Chrome marks plain-HTTP pages as “Not secure” in the address bar, while Apple’s App Transport Security requires iOS apps to use HTTPS for their API communication by default.
What is Talisman?
Talisman is a Python Flask extension that configures your Flask web application such that it is protected from common web security issues.
Developed by the Google Cloud Platform community, Talisman works by enabling and setting HTTP security headers in web applications to dictate the security-related details of HTTP communication.
HTTP security headers work by telling the browser what it may and may not do with a response: whether the page can be embedded in a frame, which origins scripts may be loaded from, whether future requests to the site must use HTTPS, and so on. The server only emits the headers; enforcement happens in the browser, so they protect users of the app rather than the server itself.
One of the critical features of Talisman is forcing all web app connections onto HTTPS: plain-HTTP requests are redirected to the equivalent https:// URL, and responses carry a Strict-Transport-Security (HSTS) header so that browsers use HTTPS directly on later visits. That feature is the focus of this write-up.
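To make the mechanism concrete before turning to the library itself, here is an added example (not Talisman's own code, and not code from the original article) that reimplements the two behaviours just described as a plain WSGI middleware using only the standard library: a redirect of http:// requests to https://, honouring the X-Forwarded-Proto header a TLS-terminating router such as Heroku's sets, and a set of security headers added to HTTPS responses. The class name `ForceHTTPS`, the `hello_app` stand-in for a Flask app, the `run_request` driver and the request data are all constructed for this illustration; the header values are chosen to resemble Talisman's defaults (one-year HSTS with includeSubDomains, SAMEORIGIN framing, a `default-src 'self'` CSP) but are assumptions, not the library's configuration.

```python
from urllib.parse import quote


def hello_app(environ, start_response):
    """Stand-in for the Flask app being protected (constructed for the example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


class ForceHTTPS:
    """Redirect plain-HTTP requests to https:// and add security headers.

    Hypothetical middleware that mirrors the mechanism Talisman uses; it is
    not Talisman's code. Header values resemble Talisman's defaults but are
    assumptions made for this example.
    """

    def __init__(self, app, permanent=False, hsts_max_age=31536000, trust_proxy=True):
        self.app = app
        # 302 keeps the redirect revocable while you test; browsers cache a 301.
        self.status = "301 Moved Permanently" if permanent else "302 Found"
        self.hsts = f"max-age={hsts_max_age}; includeSubDomains"
        self.trust_proxy = trust_proxy

    def _is_https(self, environ):
        if environ.get("wsgi.url_scheme") == "https":
            return True
        # Behind a TLS-terminating router (Heroku, most load balancers) the app
        # sees plain HTTP; the client's real scheme arrives in X-Forwarded-Proto.
        # Honour it only when the proxy is known to set or overwrite that header,
        # otherwise a client could forge it and skip the redirect. Ignoring it
        # behind such a proxy produces an endless redirect loop instead.
        if self.trust_proxy:
            proto = environ.get("HTTP_X_FORWARDED_PROTO", "http")
            return proto.split(",")[0].strip().lower() == "https"
        return False

    def __call__(self, environ, start_response):
        if not self._is_https(environ):
            # Rebuild the same URL on https://, keeping path and query string.
            host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
            url = "https://" + host + quote(environ.get("PATH_INFO") or "/")
            if environ.get("QUERY_STRING"):
                url += "?" + environ["QUERY_STRING"]
            start_response(self.status, [("Location", url), ("Content-Length", "0")])
            return [b""]

        def secure_start_response(status, headers, exc_info=None):
            present = {name.lower() for name, _ in headers}
            extra = [
                ("Strict-Transport-Security", self.hsts),
                ("X-Content-Type-Options", "nosniff"),
                ("X-Frame-Options", "SAMEORIGIN"),
                ("Content-Security-Policy", "default-src 'self'"),
            ]
            # Do not clobber headers the application set itself.
            merged = list(headers) + [h for h in extra if h[0].lower() not in present]
            return start_response(status, merged, exc_info)

        return self.app(environ, secure_start_response)


def run_request(app, scheme="http", path="/", query="", forwarded_proto=None,
                host="example.com"):
    """Drive a WSGI app with a constructed request; returns (status, headers, body)."""
    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": path,
        "QUERY_STRING": query,
        "SERVER_NAME": host,
        "SERVER_PORT": "443" if scheme == "https" else "80",
        "HTTP_HOST": host,
        "wsgi.url_scheme": scheme,
        "wsgi.version": (1, 0),
    }
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    secured = ForceHTTPS(hello_app)
    print(run_request(secured, "http", "/login", "next=%2Fadmin")[:2])
    print(run_request(secured, "http", forwarded_proto="https")[:2])
    print(run_request(ForceHTTPS(hello_app, trust_proxy=False), "http",
                      forwarded_proto="https")[:2])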