Commit graph

5523 commits

Author SHA1 Message Date
Koda Reef
8342e68712
Default SESSION_COOKIE_SAMESITE to "Lax"
Change the default value of SESSION_COOKIE_SAMESITE from None to
"Lax". When set to None, Flask does not include the SameSite
attribute on session cookies, relying on browser defaults.

While modern browsers default to Lax behavior when the attribute is
absent, setting it explicitly ensures consistent CSRF defense across
all browser versions, including older ones that do not apply the Lax
default.

Django has defaulted to "Lax" since 2.1 (2018). This aligns Flask
with the ecosystem standard.

Applications that require cross-site cookie behavior can set
SESSION_COOKIE_SAMESITE to None (with SESSION_COOKIE_SECURE=True).
2026-03-22 23:51:28 +00:00
David Lord
4cae5d8e41
Merge branch 'stable' 2026-03-08 16:21:50 -07:00
David Lord
a197702e2c
update dev dependencies 2026-03-08 16:20:07 -07:00
David Lord
4774385abd
add zizmor to scan workflows (#5945) 2026-03-08 16:15:00 -07:00
David Lord
560c119e3d
add zizmor to scan workflows 2026-03-08 16:05:00 -07:00
David Lord
3a9d54f3da
Merge branch 'stable' 2026-03-04 07:36:21 -08:00
David Lord
a29f88ce6f
document that headers must be set before streaming 2026-03-04 07:36:09 -08:00
David Lord
c34d6e81fd
all teardown callbacks are called despite errors (#5928) 2026-02-19 20:00:34 -08:00
David Lord
fbb6f0bc4c
all teardown callbacks are called despite errors 2026-02-19 19:41:50 -08:00
David Lord
7b0088693e
fix typing 2026-02-19 08:42:33 -08:00
David Lord
a411a2434b
add back opening session on context push 2026-02-19 08:35:48 -08:00
David Lord
daca74d93a
Merge branch 'stable' 2026-02-18 21:56:24 -08:00
David Lord
f00ad424ee
release version 3.1.3 (#5924) 2026-02-18 21:01:53 -08:00
David Lord
22d924701a
release version 3.1.3 2026-02-18 19:41:55 -08:00
David Lord
089cb86dd2
Merge commit from fork
request context tracks session access
2026-02-18 19:35:58 -08:00
David Lord
c17f379390
request context tracks session access 2026-02-18 19:02:54 -08:00
David Lord
27be933840
start version 3.1.3 2026-02-18 14:52:52 -08:00
David Lord
d98eb69a35
revert cli test change 2026-02-12 13:11:01 -08:00
David Lord
12e95c93b4
fix provide_automatic_options override (#5917) 2026-02-12 13:07:50 -08:00
David Lord
e82db2ca3a
fix provide_automatic_options override 2026-02-12 13:03:03 -08:00
David Lord
d3b78fd18a
Merge remote-tracking branch 'origin/stable' 2026-02-06 13:22:54 -08:00
David Lord
663198d7b4
update dev dependencies 2026-02-03 10:22:19 -08:00
David Lord
976459f7cb
fix editable werkzeug 2026-02-03 10:20:49 -08:00
David Lord
5e621a2801
update domain matching tests for Werkzeug 3.2 2026-02-03 10:19:45 -08:00
David Lord
4e652d3f68
Abort if the instance folder cannot be created (#5903) 2026-01-28 07:43:00 -08:00
Markus Heidelberg
3d03098a97
Abort if the instance folder cannot be created
According to the comment, the instance folder should exist in any case.
But a PermissionError was ignored silently.

Since Python 3.9 is the minimum required version, it is safe to use
"exist_ok" added in Python 3.2 and avoid exception handling.
2026-01-27 09:18:37 +01:00
David Lord
798e006f43
Merge branch 'stable' 2026-01-25 10:38:42 -08:00
David Lord
407eb76b27
document using gevent for async (#5900) 2026-01-25 10:35:12 -08:00
David Lord
ac5664d228
document using gevent for async 2026-01-25 10:33:13 -08:00
David Lord
23df07d799
Merge branch 'stable' 2026-01-24 19:55:36 -08:00
David Lord
4b8bde97d4
deprecate should_ignore_error (#5899) 2026-01-24 19:53:11 -08:00
David Lord
0292047b22
remove unused ruff check rule 2026-01-24 19:52:11 -08:00
David Lord
c77a520343
deprecate should_ignore_error 2026-01-24 19:50:30 -08:00
David Lord
9b74a90dd3
fix codespell findings 2026-01-24 19:11:02 -08:00
David Lord
5880befcd2
Merge branch 'stable' 2026-01-24 19:05:26 -08:00
David Lord
4f79d5b59a
Increase required flit_core version to 3.11 (#5865) 2026-01-24 19:04:07 -08:00
Markus Heidelberg
fe3b215d3a
Increase required flit_core version to 3.11
Needed since Flask 3.1.1 after having set the "license" keyword to an
SPDX license expression. Avoids this possible build error:

  flit_core.config.ConfigError: license field should be <class 'dict'>, not <class 'str'>

Fixes: 0109e496f ("use uv").
2026-01-24 19:02:37 -08:00
David Lord
5559ef42b5
pre-commit: Add codespell (#5844) 2026-01-24 19:00:23 -08:00
David Lord
3709c4a9a8
update ruff hook and noqa
co-authored-by: Christian Clauss <cclauss@me.com>
2026-01-24 18:58:45 -08:00
Christian Clauss
709f83f6a3
pre-commit: Add codespell 2026-01-24 18:53:30 -08:00
ADITYA SAH
30da640ffe
clarify 415 vs 400 errors for request.json (#5827) 2026-01-24 18:46:56 -08:00
David Lord
25642fd1fd
fix annotation for select_jinja_autoescape (#5808) 2026-01-24 18:25:31 -08:00
David Lord
809d5a8869
redirect defaults to 303 (#5898) 2026-01-24 17:18:35 -08:00
David Lord
eca5fd1dfd
redirect defaults to 303 2026-01-24 17:16:38 -08:00
David Lord
eb58d862cc
Merge branch 'stable' 2026-01-24 17:15:54 -08:00
David Lord
64dd0809c2
update dev dependencies 2026-01-24 17:14:20 -08:00
David Lord
97bddc1f61
update dev dependencies 2026-01-05 08:50:52 -08:00
David Lord
ad68a12645
drop experimental 3.13t test env 2025-11-28 11:05:52 -08:00
David Lord
2579ce9f18
Merge branch 'stable' 2025-11-17 10:05:51 -08:00
David Lord
607d1948b8
split free threading envs 2025-11-17 10:05:39 -08:00