orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: orbit-oss:3.1.2
Branches Tags
orbit-oss:main
orbit-oss:stable
orbit-oss:automatic-options
orbit-oss:workflow
orbit-oss:3.1.3
orbit-oss:3.1.2
orbit-oss:3.1.1
orbit-oss:3.1.0
orbit-oss:2.3.x
orbit-oss:2.2.x
orbit-oss:2.1.x
orbit-oss:2.0.x
orbit-oss:1.1.x
orbit-oss:1.0.x
orbit-oss:0.12.x
orbit-oss:3.0.3
orbit-oss:3.0.2
orbit-oss:3.0.1
orbit-oss:3.0.0
orbit-oss:2.3.3
orbit-oss:2.2.5
orbit-oss:2.3.2
orbit-oss:2.3.1
orbit-oss:2.3.0
orbit-oss:2.2.4
orbit-oss:2.2.3
orbit-oss:2.2.2
orbit-oss:2.2.1
orbit-oss:2.2.0
orbit-oss:2.1.3
orbit-oss:2.1.2
orbit-oss:2.1.1
orbit-oss:2.1.0
orbit-oss:2.0.3
orbit-oss:2.0.2
orbit-oss:2.0.1
orbit-oss:1.1.4
orbit-oss:1.1.3
orbit-oss:2.0.0
orbit-oss:2.0.0rc2
orbit-oss:2.0.0rc1
orbit-oss:1.1.2
orbit-oss:0.12.5
orbit-oss:1.1.1
orbit-oss:1.1.0
orbit-oss:1.0.4
orbit-oss:1.0.3
orbit-oss:1.0.2
orbit-oss:1.0.1
orbit-oss:0.12.4
orbit-oss:1.0
orbit-oss:0.12.3
orbit-oss:0.12.2
orbit-oss:0.12.1
orbit-oss:0.12
orbit-oss:0.11.1
orbit-oss:0.11
orbit-oss:0.10.1
orbit-oss:0.10
orbit-oss:0.9
orbit-oss:0.8.1
orbit-oss:0.8
orbit-oss:0.7.2
orbit-oss:0.7.1
orbit-oss:0.7
orbit-oss:0.6.1
orbit-oss:0.6
orbit-oss:0.5
orbit-oss:0.4
orbit-oss:0.3.1
orbit-oss:0.3
orbit-oss:0.2
orbit-oss:0.1
...
compare: orbit-oss:main
Branches Tags
orbit-oss:main
orbit-oss:stable
orbit-oss:automatic-options
orbit-oss:workflow
orbit-oss:3.1.3
orbit-oss:3.1.2
orbit-oss:3.1.1
orbit-oss:3.1.0
orbit-oss:2.3.x
orbit-oss:2.2.x
orbit-oss:2.1.x
orbit-oss:2.0.x
orbit-oss:1.1.x
orbit-oss:1.0.x
orbit-oss:0.12.x
orbit-oss:3.0.3
orbit-oss:3.0.2
orbit-oss:3.0.1
orbit-oss:3.0.0
orbit-oss:2.3.3
orbit-oss:2.2.5
orbit-oss:2.3.2
orbit-oss:2.3.1
orbit-oss:2.3.0
orbit-oss:2.2.4
orbit-oss:2.2.3
orbit-oss:2.2.2
orbit-oss:2.2.1
orbit-oss:2.2.0
orbit-oss:2.1.3
orbit-oss:2.1.2
orbit-oss:2.1.1
orbit-oss:2.1.0
orbit-oss:2.0.3
orbit-oss:2.0.2
orbit-oss:2.0.1
orbit-oss:1.1.4
orbit-oss:1.1.3
orbit-oss:2.0.0
orbit-oss:2.0.0rc2
orbit-oss:2.0.0rc1
orbit-oss:1.1.2
orbit-oss:0.12.5
orbit-oss:1.1.1
orbit-oss:1.1.0
orbit-oss:1.0.4
orbit-oss:1.0.3
orbit-oss:1.0.2
orbit-oss:1.0.1
orbit-oss:0.12.4
orbit-oss:1.0
orbit-oss:0.12.3
orbit-oss:0.12.2
orbit-oss:0.12.1
orbit-oss:0.12
orbit-oss:0.11.1
orbit-oss:0.11
orbit-oss:0.10.1
orbit-oss:0.10
orbit-oss:0.9
orbit-oss:0.8.1
orbit-oss:0.8
orbit-oss:0.7.2
orbit-oss:0.7.1
orbit-oss:0.7
orbit-oss:0.6.1
orbit-oss:0.6
orbit-oss:0.5
orbit-oss:0.4
orbit-oss:0.3.1
orbit-oss:0.3
orbit-oss:0.2
orbit-oss:0.1

99 commits
3.1.2 ... main

Author SHA1 Message Date
David Lord
36e4a824f3
Any for CertParamType type 2026-05-31 07:42:46 -07:00
David Lord
954f5684e4
update dev dependencies 2026-05-18 16:35:44 -07:00
David Lord
9fcd34c9f3
Merge branch 'stable' 2026-05-13 07:37:53 -07:00
David Lord
1d49747264
update flask-mongoengine link 2026-05-13 07:37:21 -07:00
David Lord
7374c85dde
remove leftover setuptools 2026-05-02 05:59:12 -07:00
David Lord
dcbede0cb0
autoescape selection uses case-insensitive comparison (#6013) 2026-05-01 20:58:56 -07:00
David Lord
9368fb3f3c
case-insensitive comparison 2026-05-01 20:56:39 -07:00
David Lord
06ea505ce2
separate copy per call 2026-05-01 20:31:50 -07:00
David Lord
2ac89889f4
Merge branch 'stable' 2026-04-08 21:04:03 -07:00
David Lord
689362089e
fix typo 2026-04-08 21:01:29 -07:00
David Lord
258d68b6ff
Merge branch 'stable' 2026-04-05 12:32:14 -07:00
David Lord
a31e6b7346
remove werkzeug host tests 2026-04-05 12:31:01 -07:00
David Lord
e4e4bf6543
Merge branch 'stable' 2026-04-05 11:24:48 -07:00
David Lord
b21425d6df
reduce venv size 2026-04-05 11:13:13 -07:00
David Lord
83dbcb222a
update dev dependencies 2026-04-03 15:59:16 -07:00
David Lord
7ef2946fb5
remove unicode host test (#5962) 2026-03-24 06:55:57 -07:00
David Lord
91c6b3fecf
remove unicode host test 2026-03-24 06:51:39 -07:00
David Lord
4cae5d8e41
Merge branch 'stable' 2026-03-08 16:21:50 -07:00
David Lord
a197702e2c
update dev dependencies 2026-03-08 16:20:07 -07:00
David Lord
4774385abd
add zizmor to scan workflows (#5945) 2026-03-08 16:15:00 -07:00
David Lord
560c119e3d
add zizmor to scan workflows 2026-03-08 16:05:00 -07:00
David Lord
3a9d54f3da
Merge branch 'stable' 2026-03-04 07:36:21 -08:00
David Lord
a29f88ce6f
document that headers must be set before streaming 2026-03-04 07:36:09 -08:00
David Lord
c34d6e81fd
all teardown callbacks are called despite errors (#5928) 2026-02-19 20:00:34 -08:00
David Lord
fbb6f0bc4c
all teardown callbacks are called despite errors 2026-02-19 19:41:50 -08:00
David Lord
7b0088693e
fix typing 2026-02-19 08:42:33 -08:00
David Lord
a411a2434b
add back opening session on context push 2026-02-19 08:35:48 -08:00
David Lord
daca74d93a
Merge branch 'stable' 2026-02-18 21:56:24 -08:00
David Lord
f00ad424ee
release version 3.1.3 (#5924) 2026-02-18 21:01:53 -08:00
David Lord
22d924701a
release version 3.1.3 2026-02-18 19:41:55 -08:00
David Lord
089cb86dd2
Merge commit from fork 
request context tracks session access
 2026-02-18 19:35:58 -08:00
David Lord
c17f379390
request context tracks session access 2026-02-18 19:02:54 -08:00
David Lord
27be933840
start version 3.1.3 2026-02-18 14:52:52 -08:00
David Lord
d98eb69a35
revert cli test change 2026-02-12 13:11:01 -08:00
David Lord
12e95c93b4
fix provide_automatic_options override (#5917) 2026-02-12 13:07:50 -08:00
David Lord
e82db2ca3a
fix provide_automatic_options override 2026-02-12 13:03:03 -08:00
David Lord
d3b78fd18a
Merge remote-tracking branch 'origin/stable' 2026-02-06 13:22:54 -08:00
David Lord
663198d7b4
update dev dependencies 2026-02-03 10:22:19 -08:00
David Lord
976459f7cb
fix editable werkzeug 2026-02-03 10:20:49 -08:00
David Lord
5e621a2801
update domain matching tests for Werkzeug 3.2 2026-02-03 10:19:45 -08:00
David Lord
4e652d3f68
Abort if the instance folder cannot be created (#5903) 2026-01-28 07:43:00 -08:00
Markus Heidelberg
3d03098a97 Abort if the instance folder cannot be created 
According to the comment, the instance folder should exist in any case.
But a PermissionError was ignored silently.

Since Python 3.9 is the minimum required version, it is safe to use
"exist_ok" added in Python 3.2 and avoid exception handling.
 2026-01-27 09:18:37 +01:00
David Lord
798e006f43
Merge branch 'stable' 2026-01-25 10:38:42 -08:00
David Lord
407eb76b27
document using gevent for async (#5900) 2026-01-25 10:35:12 -08:00
David Lord
ac5664d228
document using gevent for async 2026-01-25 10:33:13 -08:00
David Lord
23df07d799
Merge branch 'stable' 2026-01-24 19:55:36 -08:00
David Lord
4b8bde97d4
deprecate should_ignore_error (#5899) 2026-01-24 19:53:11 -08:00
David Lord
0292047b22
remove unused ruff check rule 2026-01-24 19:52:11 -08:00
David Lord
c77a520343
deprecate should_ignore_error 2026-01-24 19:50:30 -08:00
David Lord
9b74a90dd3
fix codespell findings 2026-01-24 19:11:02 -08:00
David Lord
5880befcd2
Merge branch 'stable' 2026-01-24 19:05:26 -08:00
David Lord
4f79d5b59a
Increase required flit_core version to 3.11 (#5865) 2026-01-24 19:04:07 -08:00
Markus Heidelberg
fe3b215d3a
Increase required flit_core version to 3.11 
Needed since Flask 3.1.1 after having set the "license" keyword to an
SPDX license expression. Avoids this possible build error:

  flit_core.config.ConfigError: license field should be <class 'dict'>, not <class 'str'>

Fixes: 0109e496f ("use uv").
 2026-01-24 19:02:37 -08:00
David Lord
5559ef42b5
pre-commit: Add codespell (#5844) 2026-01-24 19:00:23 -08:00
David Lord
3709c4a9a8
update ruff hook and noqa 
co-authored-by: Christian Clauss <cclauss@me.com>
 2026-01-24 18:58:45 -08:00
Christian Clauss
709f83f6a3
pre-commit: Add codespell 2026-01-24 18:53:30 -08:00
ADITYA SAH
30da640ffe
clarify 415 vs 400 errors for request.json (#5827) 2026-01-24 18:46:56 -08:00
David Lord
25642fd1fd
fix annotation for select_jinja_autoescape (#5808) 2026-01-24 18:25:31 -08:00
David Lord
809d5a8869
redirect defaults to 303 (#5898) 2026-01-24 17:18:35 -08:00
David Lord
eca5fd1dfd
redirect defaults to 303 2026-01-24 17:16:38 -08:00
David Lord
eb58d862cc
Merge branch 'stable' 2026-01-24 17:15:54 -08:00
David Lord
64dd0809c2
update dev dependencies 2026-01-24 17:14:20 -08:00
David Lord
97bddc1f61
update dev dependencies 2026-01-05 08:50:52 -08:00
David Lord
ad68a12645
drop experimental 3.13t test env 2025-11-28 11:05:52 -08:00
David Lord
2579ce9f18
Merge branch 'stable' 2025-11-17 10:05:51 -08:00
David Lord
607d1948b8
split free threading envs 2025-11-17 10:05:39 -08:00
David Lord
218880c7fd
Merge branch 'stable' 2025-11-17 10:03:42 -08:00
David Lord
917000097f
test py3.14 2025-11-17 10:02:53 -08:00
David Lord
96a01e420b
Merge branch 'stable' 2025-11-17 09:45:56 -08:00
David Lord
da6d075dfd
update dev dependencies 2025-11-17 09:43:40 -08:00
David Lord
70d04b5a26
pass context through dispatch methods (#5818) 2025-11-17 08:49:53 -08:00
Hynek Schlawack
88a65bb374
Docs typo/markup fixes (#5829) 2025-10-14 13:26:26 -07:00
David Lord
6a64969009
pass context through dispatch methods 2025-09-19 17:33:30 -07:00
David Lord
adf363679d
merge app and request context (#5812) 2025-09-19 16:45:27 -07:00
David Lord
c2705ffd9c
merge app and request context 2025-09-19 16:43:53 -07:00
subhajitsaha01
dbd4c28825 Changed the static annotated type of select_jinja_autoescape method in src/flask/sansio/app.py 2025-09-06 22:01:22 +05:30
David Lord
330123258e
Merge branch 'stable' 2025-08-19 14:09:56 -07:00
David Lord
85793d6c22
release version 3.1.2 (#5800) 2025-08-19 14:03:43 -07:00
David Lord
ed1c9e953e
support call template_filter without parens (#5736) 2025-08-19 12:36:00 -07:00
David Lord
edebd37044
rewrite docs, clean up typing for template decorators 2025-08-19 12:33:21 -07:00
kadai0308
daf1510a4b
use template_filter without parens 2025-08-19 12:33:21 -07:00
David Lord
85c5d93cbd
Merge branch 'stable' 2025-06-12 13:48:07 -07:00
David Lord
284273e3c5
Merge branch 'stable' 2025-06-10 13:18:26 -07:00
David Lord
d6009c0aeb
Merge branch 'stable' 2025-06-09 21:20:46 -07:00
David Lord
211cce038a
Merge branch 'stable' 2025-06-09 14:33:44 -07:00
David Lord
e974128863
Merge branch 'stable' 2025-06-08 09:54:32 -07:00
David Lord
a5f9742398
drop end of life python versions (#5731) 2025-05-13 08:35:41 -07:00
David Lord
52df9eed45
drop end of life python versions 2025-05-13 08:31:54 -07:00
David Lord
e7e5380776
Merge branch 'stable' 2025-05-13 08:10:30 -07:00
David Lord
bc143499cf
Merge branch 'stable' 2025-05-11 18:08:43 -07:00
David Lord
11c45eeba3
update dev dependencies 2025-05-11 05:58:48 -07:00
David Lord
b78b5a210b
Merge branch 'stable' 2025-03-30 13:17:17 -07:00
David Lord
f61172b8dd
Merge branch 'stable' 2025-01-05 09:10:00 -08:00
David Lord
60a11a730e
use global contributing guide 
Remove the per-project files so we don't have to
keep them in sync. GitHub's UI links to everything
except the contributing guide, so add a section
about that to the readme.
 2025-01-05 09:02:41 -08:00
David Lord
6b361ce06b
markdown formatting 2025-01-05 09:01:49 -08:00
David Lord
6b054f8f38
Merge branch 'stable' 2024-11-23 17:54:29 -08:00
David Lord
d5b7a05ab2
remove previously deprecated code (#5648) 2024-11-23 15:59:30 -08:00
David Lord
d22bfcd4cf
remove previously deprecated code 2024-11-23 15:41:36 -08:00
David Lord
4fec712f32
start version 3.2.0 2024-11-23 15:33:38 -08:00
71 changed files with 3159 additions and 2696 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/lock.yaml vendored
View file

@ -7,17 +7,19 @@ name: Lock inactive closed issues
on:
schedule:
- cron: '0 0 * * *'
permissions:
issues: write
pull-requests: write
discussions: write
permissions: {}
concurrency:
group: lock
cancel-in-progress: true
jobs:
lock:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
discussions: write
steps:
- uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
- uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v6.0.0
with:
issue-inactive-days: 14
pr-inactive-days: 14

18
.github/workflows/pre-commit.yaml vendored
View file

@ -3,23 +3,27 @@ on:
pull_request:
push:
branches: [main, stable]
permissions: {}
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
main:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
with:
enable-cache: true
prune-cache: false
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
id: setup-python
with:
python-version-file: pyproject.toml
- uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
- uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ hashFiles('pyproject.toml', '.pre-commit-config.yaml') }}
- run: uv run --locked --group pre-commit pre-commit run --show-diff-on-failure --color=always --all-files
- uses: pre-commit-ci/lite-action@5d6cc0eb514c891a40562a58a8e71576c5c7fb43 # v1.1.0
if: ${{ !cancelled() }}
- run: uv run --locked --no-default-groups --group pre-commit pre-commit run --show-diff-on-failure --color=always --all-files

22
.github/workflows/publish.yaml vendored
View file

@ -2,25 +2,29 @@ name: Publish
on:
push:
tags: ['*']
permissions: {}
concurrency:
group: publish-${{ github.event.push.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
outputs:
artifact-id: ${{ steps.upload-artifact.outputs.artifact-id }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
- uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
with:
enable-cache: true
enable-cache: false
prune-cache: false
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version-file: pyproject.toml
- run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- run: uv build
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
id: upload-artifact
with:
name: dist
@ -32,12 +36,12 @@ jobs:
permissions:
contents: write
steps:
- uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
artifact-ids: ${{ needs.build.outputs.artifact-id }}
path: dist/
- name: create release
run: gh release create --draft --repo ${{ github.repository }} ${{ github.ref_name }} dist/*
run: gh release create --draft --repo ${GITHUB_REPOSITORY} ${GITHUB_REF_NAME} dist/*
env:
GH_TOKEN: ${{ github.token }}
publish-pypi:
@ -49,10 +53,10 @@ jobs:
permissions:
id-token: write
steps:
- uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
artifact-ids: ${{ needs.build.outputs.artifact-id }}
path: dist/
- uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
- uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
with:
packages-dir: "dist/"

37
.github/workflows/tests.yaml vendored
View file

@ -5,6 +5,10 @@ on:
push:
branches: [main, stable]
paths-ignore: ['docs/**', 'README.md']
permissions: {}
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
tests:
name: ${{ matrix.name || matrix.python }}
@ -13,40 +17,47 @@ jobs:
fail-fast: false
matrix:
include:
- {python: '3.14'}
- {python: '3.14t'}
- {name: Windows, python: '3.14', os: windows-latest}
- {name: Mac, python: '3.14', os: macos-latest}
- {python: '3.13'}
- {name: Windows, python: '3.13', os: windows-latest}
- {name: Mac, python: '3.13', os: macos-latest}
- {python: '3.12'}
- {python: '3.11'}
- {python: '3.10'}
- {python: '3.9'}
- {name: PyPy, python: 'pypy-3.11', tox: pypy3.11}
- {name: Minimum Versions, python: '3.13', tox: tests-min}
- {name: Minimum Versions, python: '3.14', tox: tests-min}
- {name: Development Versions, python: '3.10', tox: tests-dev}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
with:
enable-cache: true
prune-cache: false
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ matrix.python }}
- run: uv run --locked tox run -e ${{ matrix.tox || format('py{0}', matrix.python) }}
- run: uv run --locked --no-default-groups --group dev tox run
env:
TOX_ENV: ${{ matrix.tox || format('py{0}', matrix.python) }}
typing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
with:
enable-cache: true
prune-cache: false
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version-file: pyproject.toml
- name: cache mypy
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ./.mypy_cache
key: mypy|${{ hashFiles('pyproject.toml') }}
- run: uv run --locked tox run -e typing
- run: uv run --locked --no-default-groups --group dev tox run -e typing

22
.github/workflows/zizmor.yaml vendored Normal file
View file

@ -0,0 +1,22 @@
name: GitHub Actions security analysis with zizmor
on:
pull_request:
paths: ["**/*.yaml?"]
push:
branches: [main, stable]
paths: ["**/*.yaml?"]
permissions: {}
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
zizmor:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
with:
advanced-security: false
annotations: true

11
.pre-commit-config.yaml
View file

@ -1,13 +1,18 @@
repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: 54a455f7ce629598b7535ff828fd5fb796f4b83f # frozen: v0.12.9
rev: 5e2fb545eba1ea9dc051f6f962d52fe8f76a9794 # frozen: v0.15.13
hooks:
- id: ruff
- id: ruff-check
- id: ruff-format
- repo: https://github.com/astral-sh/uv-pre-commit
rev: f9572a6b06237978e1d52fad0ae55bac5e36da26 # frozen: 0.8.12
rev: fa60a193803535a9e2accdb3ca4b1b584b1150cb # frozen: 0.11.15
hooks:
- id: uv-lock
- repo: https://github.com/codespell-project/codespell
rev: 2ccb47ff45ad361a21071a7eedda4c37e6ae8c5a # frozen: v2.4.2
hooks:
- id: codespell
args: ['--write-changes']
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # frozen: v6.0.0
hooks:

41
CHANGES.rst
View file

@ -1,3 +1,44 @@
Version 3.2.0
-------------
Unreleased
- Drop support for Python 3.9. :pr:`5730`
- Remove previously deprecated code: ``__version__``. :pr:`5648`
- ``RequestContext`` has merged with ``AppContext``. ``RequestContext`` is now
a deprecated alias. If an app context is already pushed, it is not reused
when dispatching a request. This greatly simplifies the internal code for tracking
the active context. :issue:`5639`
- Many ``Flask`` methods involved in request dispatch now take the current
``AppContext`` as the first parameter, instead of using the proxy objects.
If subclasses were overriding these methods, the old signature is detected,
shows a deprecation warning, and will continue to work during the
deprecation period. :issue:`5815`
- All teardown callbacks are called, even if any raise an error. :pr:`5928`
- The ``should_ignore_error`` is deprecated. Handle errors as needed in
teardown handlers instead. :issue:`5816`
- ``template_filter``, ``template_test``, and ``template_global`` decorators
can be used without parentheses. :issue:`5729`
- ``redirect`` returns a ``303`` status code by default instead of ``302``.
This tells the client to always switch to ``GET``, rather than only
switching ``POST`` to ``GET``. This preserves the current behavior of
``GET`` and ``POST`` redirects, and is also correct for frontend libraries
such as HTMX. :issue:`5895`
- ``provide_automatic_options=True`` can be used to enable it for a view when
it's disabled in config. Previously, only disabling worked. :issue:`5916`
- ``Flask.select_jinja_autoescape`` uses case-insensitive comparison instead
of only lower case file extensions. :pr:`6012`
Version 3.1.3
-------------
Released 2026-02-18
- The session is marked as accessed for operations that only access the keys
but not the values, such as ``in`` and ``len``. :ghsa:`68rp-wp8r-4726`
Version 3.1.2
-------------

131
docs/api.rst
View file

@ -31,17 +31,15 @@ Incoming Request Data
:inherited-members:
:exclude-members: json_module
.. attribute:: request
.. data:: request
To access incoming request data, you can use the global `request`
object. Flask parses incoming request data for you and gives you
access to it through that global object. Internally Flask makes
sure that you always get the correct data for the active thread if you
are in a multithreaded environment.
A proxy to the request data for the current request, an instance of
:class:`.Request`.
This is a proxy. See :ref:`notes-on-proxies` for more information.
This is only available when a :doc:`request context </appcontext>` is
active.
The request object is an instance of a :class:`~flask.Request`.
This is a proxy. See :ref:`context-visibility` for more information.
Response Objects
@ -62,40 +60,33 @@ does this is by using a signed cookie. The user can look at the session
contents, but can't modify it unless they know the secret key, so make sure to
set that to something complex and unguessable.
To access the current session you can use the :class:`session` object:
To access the current session you can use the :data:`.session` proxy.
.. class:: session
.. data:: session
The session object works pretty much like an ordinary dict, with the
difference that it keeps track of modifications.
A proxy to the session data for the current request, an instance of
:class:`.SessionMixin`.
This is a proxy. See :ref:`notes-on-proxies` for more information.
This is only available when a :doc:`request context </appcontext>` is
active.
The following attributes are interesting:
This is a proxy. See :ref:`context-visibility` for more information.
.. attribute:: new
The session object works like a dict but tracks assignment and access to its
keys. It cannot track modifications to mutable values, you need to set
:attr:`~.SessionMixin.modified` manually when modifying a list, dict, etc.
``True`` if the session is new, ``False`` otherwise.
.. code-block:: python
.. attribute:: modified
``True`` if the session object detected a modification. Be advised
that modifications on mutable structures are not picked up
automatically, in that situation you have to explicitly set the
attribute to ``True`` yourself. Here an example::
# this change is not picked up because a mutable object (here
# a list) is changed.
session['objects'].append(42)
# appending to a list is not detected
session["numbers"].append(42)
# so mark it as modified yourself
session.modified = True
.. attribute:: permanent
If set to ``True`` the session lives for
:attr:`~flask.Flask.permanent_session_lifetime` seconds. The
default is 31 days. If set to ``False`` (which is the default) the
session will be deleted when the user closes the browser.
The session is persisted across requests using a cookie. By default the
users's browser will clear the cookie when it is closed. Set
:attr:`~.SessionMixin.permanent` to ``True`` to persist the cookie for
:data:`PERMANENT_SESSION_LIFETIME`.
Session Interface
@ -158,20 +149,21 @@ another, a global variable is not good enough because it would break in
threaded environments. Flask provides you with a special object that
ensures it is only valid for the active request and that will return
different values for each request. In a nutshell: it does the right
thing, like it does for :class:`request` and :class:`session`.
thing, like it does for :data:`.request` and :data:`.session`.
.. data:: g
A namespace object that can store data during an
:doc:`application context </appcontext>`. This is an instance of
:attr:`Flask.app_ctx_globals_class`, which defaults to
:class:`ctx._AppCtxGlobals`.
A proxy to a namespace object used to store data during a single request or
app context. An instance of :attr:`.Flask.app_ctx_globals_class`, which
defaults to :class:`._AppCtxGlobals`.
This is a good place to store resources during a request. For
example, a ``before_request`` function could load a user object from
a session id, then set ``g.user`` to be used in the view function.
This is a good place to store resources during a request. For example, a
:meth:`~.Flask.before_request` function could load a user object from a
session id, then set ``g.user`` to be used in the view function.
This is a proxy. See :ref:`notes-on-proxies` for more information.
This is only available when an :doc:`app context </appcontext>` is active.
This is a proxy. See :ref:`context-visibility` for more information.
.. versionchanged:: 0.10
Bound to the application context instead of the request context.
@ -185,17 +177,16 @@ Useful Functions and Classes
.. data:: current_app
A proxy to the application handling the current request. This is
useful to access the application without needing to import it, or if
it can't be imported, such as when using the application factory
pattern or in blueprints and extensions.
A proxy to the :class:`.Flask` application handling the current request or
other activity.
This is only available when an
:doc:`application context </appcontext>` is pushed. This happens
automatically during requests and CLI commands. It can be controlled
manually with :meth:`~flask.Flask.app_context`.
This is useful to access the application without needing to import it, or if
it can't be imported, such as when using the application factory pattern or
in blueprints and extensions.
This is a proxy. See :ref:`notes-on-proxies` for more information.
This is only available when an :doc:`app context </appcontext>` is active.
This is a proxy. See :ref:`context-visibility` for more information.
.. autofunction:: has_request_context
@ -299,31 +290,31 @@ Stream Helpers
Useful Internals
----------------
.. autoclass:: flask.ctx.RequestContext
:members:
.. data:: flask.globals.request_ctx
The current :class:`~flask.ctx.RequestContext`. If a request context
is not active, accessing attributes on this proxy will raise a
``RuntimeError``.
This is an internal object that is essential to how Flask handles
requests. Accessing this should not be needed in most cases. Most
likely you want :data:`request` and :data:`session` instead.
.. autoclass:: flask.ctx.AppContext
:members:
.. data:: flask.globals.app_ctx
The current :class:`~flask.ctx.AppContext`. If an app context is not
active, accessing attributes on this proxy will raise a
``RuntimeError``.
A proxy to the active :class:`.AppContext`.
This is an internal object that is essential to how Flask handles
requests. Accessing this should not be needed in most cases. Most
likely you want :data:`current_app` and :data:`g` instead.
This is an internal object that is essential to how Flask handles requests.
Accessing this should not be needed in most cases. Most likely you want
:data:`.current_app`, :data:`.g`, :data:`.request`, and :data:`.session` instead.
This is only available when a :doc:`request context </appcontext>` is
active.
This is a proxy. See :ref:`context-visibility` for more information.
.. class:: flask.ctx.RequestContext
.. deprecated:: 3.2
Merged with :class:`AppContext`. This alias will be removed in Flask 4.0.
.. data:: flask.globals.request_ctx
.. deprecated:: 3.2
Merged with :data:`.app_ctx`. This alias will be removed in Flask 4.0.
.. autoclass:: flask.blueprints.BlueprintSetupState
:members:
@ -605,7 +596,7 @@ This specifies that ``/users/`` will be the URL for page one and
``/users/page/N`` will be the URL for page ``N``.
If a URL contains a default value, it will be redirected to its simpler
form with a 301 redirect. In the above example, ``/users/page/1`` will
form with a 308 redirect. In the above example, ``/users/page/1`` will
be redirected to ``/users/``. If your route handles ``GET`` and ``POST``
requests, make sure the default route only handles ``GET``, as redirects
can't preserve form data. ::

242
docs/appcontext.rst
View file

@ -1,74 +1,63 @@
.. currentmodule:: flask
The App and Request Context
===========================
The Application Context
=======================
The context keeps track of data and objects during a request, CLI command, or
other activity. Rather than passing this data around to every function, the
:data:`.current_app`, :data:`.g`, :data:`.request`, and :data:`.session` proxies
are accessed instead.
The application context keeps track of the application-level data during
a request, CLI command, or other activity. Rather than passing the
application around to each function, the :data:`current_app` and
:data:`g` proxies are accessed instead.
When handling a request, the context is referred to as the "request context"
because it contains request data in addition to application data. Otherwise,
such as during a CLI command, it is referred to as the "app context". During an
app context, :data:`.current_app` and :data:`.g` are available, while during a
request context :data:`.request` and :data:`.session` are also available.
This is similar to :doc:`/reqcontext`, which keeps track of
request-level data during a request. A corresponding application context
is pushed when a request context is pushed.
Purpose of the Context
----------------------
The :class:`Flask` application object has attributes, such as
:attr:`~Flask.config`, that are useful to access within views and
:doc:`CLI commands </cli>`. However, importing the ``app`` instance
within the modules in your project is prone to circular import issues.
When using the :doc:`app factory pattern </patterns/appfactories>` or
writing reusable :doc:`blueprints </blueprints>` or
:doc:`extensions </extensions>` there won't be an ``app`` instance to
import at all.
The context and proxies help solve two development issues: circular imports, and
passing around global data during a request.
Flask solves this issue with the *application context*. Rather than
referring to an ``app`` directly, you use the :data:`current_app`
proxy, which points to the application handling the current activity.
The :class:`.Flask` application object has attributes, such as
:attr:`~.Flask.config`, that are useful to access within views and other
functions. However, importing the ``app`` instance within the modules in your
project is prone to circular import issues. When using the
:doc:`app factory pattern </patterns/appfactories>` or writing reusable
:doc:`blueprints </blueprints>` or :doc:`extensions </extensions>` there won't
be an ``app`` instance to import at all.
Flask automatically *pushes* an application context when handling a
request. View functions, error handlers, and other functions that run
during a request will have access to :data:`current_app`.
When the application handles a request, it creates a :class:`.Request` object.
Because a *worker* handles only one request at a time, the request data can be
considered global to that worker during that request. Passing it as an argument
through every function during the request becomes verbose and redundant.
Flask will also automatically push an app context when running CLI
commands registered with :attr:`Flask.cli` using ``@app.cli.command()``.
Flask solves these issues with the *active context* pattern. Rather than
importing an ``app`` directly, or having to pass it and the request through to
every single function, you import and access the proxies, which point to the
currently active application and request data. This is sometimes referred to
as "context local" data.
Lifetime of the Context
-----------------------
Context During Setup
--------------------
The application context is created and destroyed as necessary. When a
Flask application begins handling a request, it pushes an application
context and a :doc:`request context </reqcontext>`. When the request
ends it pops the request context then the application context.
Typically, an application context will have the same lifetime as a
request.
See :doc:`/reqcontext` for more information about how the contexts work
and the full life cycle of a request.
Manually Push a Context
-----------------------
If you try to access :data:`current_app`, or anything that uses it,
outside an application context, you'll get this error message:
If you try to access :data:`.current_app`, :data:`.g`, or anything that uses it,
outside an app context, you'll get this error message:
.. code-block:: pytb
RuntimeError: Working outside of application context.
This typically means that you attempted to use functionality that
needed to interface with the current application object in some way.
To solve this, set up an application context with app.app_context().
Attempted to use functionality that expected a current application to be
set. To solve this, set up an app context using 'with app.app_context()'.
See the documentation on app context for more information.
If you see that error while configuring your application, such as when
initializing an extension, you can push a context manually since you
have direct access to the ``app``. Use :meth:`~Flask.app_context` in a
``with`` block, and everything that runs in the block will have access
to :data:`current_app`. ::
initializing an extension, you can push a context manually since you have direct
access to the ``app``. Use :meth:`.Flask.app_context` in a ``with`` block.
.. code-block:: python
def create_app():
app = Flask(__name__)
@ -78,70 +67,121 @@ to :data:`current_app`. ::
return app
If you see that error somewhere else in your code not related to
configuring the application, it most likely indicates that you should
move that code into a view function or CLI command.
If you see that error somewhere else in your code not related to setting up the
application, it most likely indicates that you should move that code into a view
function or CLI command.
Storing Data
------------
Context During Testing
----------------------
The application context is a good place to store common data during a
request or CLI command. Flask provides the :data:`g object <g>` for this
purpose. It is a simple namespace object that has the same lifetime as
an application context.
See :doc:`/testing` for detailed information about managing the context during
tests.
.. note::
The ``g`` name stands for "global", but that is referring to the
data being global *within a context*. The data on ``g`` is lost
after the context ends, and it is not an appropriate place to store
data between requests. Use the :data:`session` or a database to
store data across requests.
If you try to access :data:`.request`, :data:`.session`, or anything that uses
it, outside a request context, you'll get this error message:
A common use for :data:`g` is to manage resources during a request.
.. code-block:: pytb
1. ``get_X()`` creates resource ``X`` if it does not exist, caching it
as ``g.X``.
2. ``teardown_X()`` closes or otherwise deallocates the resource if it
exists. It is registered as a :meth:`~Flask.teardown_appcontext`
handler.
RuntimeError: Working outside of request context.
For example, you can manage a database connection using this pattern::
Attempted to use functionality that expected an active HTTP request. See the
documentation on request context for more information.
from flask import g
This will probably only happen during tests. If you see that error somewhere
else in your code not related to testing, it most likely indicates that you
should move that code into a view function.
def get_db():
if 'db' not in g:
g.db = connect_to_database()
The primary way to solve this is to use :meth:`.Flask.test_client` to simulate
a full request.
return g.db
If you only want to unit test one function, rather than a full request, use
:meth:`.Flask.test_request_context` in a ``with`` block.
@app.teardown_appcontext
def teardown_db(exception):
db = g.pop('db', None)
.. code-block:: python
if db is not None:
db.close()
def generate_report(year):
format = request.args.get("format")
...
During a request, every call to ``get_db()`` will return the same
connection, and it will be closed automatically at the end of the
request.
You can use :class:`~werkzeug.local.LocalProxy` to make a new context
local from ``get_db()``::
from werkzeug.local import LocalProxy
db = LocalProxy(get_db)
Accessing ``db`` will call ``get_db`` internally, in the same way that
:data:`current_app` works.
with app.test_request_context(
"/make_report/2017", query_string={"format": "short"}
):
generate_report()
Events and Signals
------------------
.. _context-visibility:
The application will call functions registered with :meth:`~Flask.teardown_appcontext`
when the application context is popped.
Visibility of the Context
-------------------------
The following signals are sent: :data:`appcontext_pushed`,
:data:`appcontext_tearing_down`, and :data:`appcontext_popped`.
The context will have the same lifetime as an activity, such as a request, CLI
command, or ``with`` block. Various callbacks and signals registered with the
app will be run during the context.
When a Flask application handles a request, it pushes a request context
to set the active application and request data. When it handles a CLI command,
it pushes an app context to set the active application. When the activity ends,
it pops that context. Proxy objects like :data:`.request`, :data:`.session`,
:data:`.g`, and :data:`.current_app`, are accessible while the context is pushed
and active, and are not accessible after the context is popped.
The context is unique to each thread (or other worker type). The proxies cannot
be passed to another worker, which has a different context space and will not
know about the active context in the parent's space.
Besides being scoped to each worker, the proxy object has a separate type and
identity than the proxied real object. In some cases you'll need access to the
real object, rather than the proxy. Use the
:meth:`~.LocalProxy._get_current_object` method in those cases.
.. code-block:: python
app = current_app._get_current_object()
my_signal.send(app)
Lifecycle of the Context
------------------------
Flask dispatches a request in multiple stages which can affect the request,
response, and how errors are handled. See :doc:`/lifecycle` for a list of all
the steps, callbacks, and signals during each request. The following are the
steps directly related to the context.
- The app context is pushed, the proxies are available.
- The :data:`.appcontext_pushed` signal is sent.
- The request is dispatched.
- Any :meth:`.Flask.teardown_request` decorated functions are called.
- The :data:`.request_tearing_down` signal is sent.
- Any :meth:`.Flask.teardown_appcontext` decorated functions are called.
- The :data:`.appcontext_tearing_down` signal is sent.
- The app context is popped, the proxies are no longer available.
- The :data:`.appcontext_popped` signal is sent.
The teardown callbacks are called by the context when it is popped. They are
called even if there is an unhandled exception during dispatch. They may be
called multiple times in some test scenarios. This means there is no guarantee
that any other parts of the request dispatch have run. Be sure to write these
functions in a way that does not depend on other callbacks. All callbacks are
called even if any raise an error.
How the Context Works
---------------------
Context locals are implemented using Python's :mod:`contextvars` and Werkzeug's
:class:`~werkzeug.local.LocalProxy`. Python's contextvars are a low level
structure to manage data local to a thread or coroutine. ``LocalProxy`` wraps
the contextvar so that access to any attributes and methods is forwarded to the
object stored in the contextvar.
The context is tracked like a stack, with the active context at the top of the
stack. Flask manages pushing and popping contexts during requests, CLI commands,
testing, ``with`` blocks, etc. The proxies access attributes on the active
context.
Because it is a stack, other contexts may be pushed to change the proxies during
an already active context. This is not a common pattern, but can be used in
advanced use cases. For example, a Flask application can be used as WSGI
middleware, calling another wrapped Flask app from a view.

28
docs/async-await.rst
View file

@ -23,12 +23,6 @@ method in views that inherit from the :class:`flask.views.View` class, as
well as all the HTTP method handlers in views that inherit from the
:class:`flask.views.MethodView` class.
.. admonition:: Using ``async`` with greenlet
When using gevent or eventlet to serve an application or patch the
runtime, greenlet>=1.0 is required. When using PyPy, PyPy>=7.3.7 is
required.
Performance
-----------
@ -78,15 +72,15 @@ Flask based on the `ASGI`_ standard instead of WSGI. This allows it to
handle many concurrent requests, long running requests, and websockets
without requiring multiple worker processes or threads.
It has also already been possible to run Flask with Gevent or Eventlet
to get many of the benefits of async request handling. These libraries
patch low-level Python functions to accomplish this, whereas ``async``/
``await`` and ASGI use standard, modern Python capabilities. Deciding
whether you should use Flask, Quart, or something else is ultimately up
to understanding the specific needs of your project.
It has also already been possible to :doc:`run Flask with Gevent </gevent>` to
get many of the benefits of async request handling. Gevent patches low-level
Python functions to accomplish this, whereas ``async``/``await`` and ASGI use
standard, modern Python capabilities. Deciding whether you should use gevent
with Flask, or Quart, or something else is ultimately up to understanding the
specific needs of your project.
.. _Quart: https://github.com/pallets/quart
.. _ASGI: https://asgi.readthedocs.io/en/latest/
.. _Quart: https://quart.palletsprojects.com
.. _ASGI: https://asgi.readthedocs.io
Extensions
@ -120,6 +114,6 @@ implemented async support, or make a feature request or PR to them.
Other event loops
-----------------
At the moment Flask only supports :mod:`asyncio`. It's possible to
override :meth:`flask.Flask.ensure_sync` to change how async functions
are wrapped to use a different library.
At the moment Flask only supports :mod:`asyncio`. It's possible to override
:meth:`flask.Flask.ensure_sync` to change how async functions are wrapped to use
a different library. See :ref:`gevent-asyncio` for an example.

4
docs/config.rst
View file

@ -79,7 +79,7 @@ The following configuration values are used internally by Flask:
.. py:data:: TESTING
Enable testing mode. Exceptions are propagated rather than handled by the
Enable testing mode. Exceptions are propagated rather than handled by
the app's error handlers. Extensions may also change their behavior to
facilitate easier testing. You should enable this in your own tests.
@ -445,7 +445,7 @@ The following configuration values are used internally by Flask:
.. versionchanged:: 2.3
``ENV`` was removed.
.. versionadded:: 3.10
.. versionadded:: 3.1
Added :data:`PROVIDE_AUTOMATIC_OPTIONS` to control the default
addition of autogenerated OPTIONS responses.

80
docs/deploying/eventlet.rst
View file

@ -1,80 +1,8 @@
:orphan:
eventlet
========
Prefer using :doc:`gunicorn` with eventlet workers rather than using
`eventlet`_ directly. Gunicorn provides a much more configurable and
production-tested server.
`Eventlet is no longer maintained.`__ Use :doc:`/deploying/gevent` instead.
`eventlet`_ allows writing asynchronous, coroutine-based code that looks
like standard synchronous Python. It uses `greenlet`_ to enable task
switching without writing ``async/await`` or using ``asyncio``.
:doc:`gevent` is another library that does the same thing. Certain
dependencies you have, or other considerations, may affect which of the
two you choose to use.
eventlet provides a WSGI server that can handle many connections at once
instead of one per worker process. You must actually use eventlet in
your own code to see any benefit to using the server.
.. _eventlet: https://eventlet.net/
.. _greenlet: https://greenlet.readthedocs.io/en/latest/
Installing
----------
When using eventlet, greenlet>=1.0 is required, otherwise context locals
such as ``request`` will not work as expected. When using PyPy,
PyPy>=7.3.7 is required.
Create a virtualenv, install your application, then install
``eventlet``.
.. code-block:: text
$ cd hello-app
$ python -m venv .venv
$ . .venv/bin/activate
$ pip install . # install your application
$ pip install eventlet
Running
-------
To use eventlet to serve your application, write a script that imports
its ``wsgi.server``, as well as your app or app factory.
.. code-block:: python
:caption: ``wsgi.py``
import eventlet
from eventlet import wsgi
from hello import create_app
app = create_app()
wsgi.server(eventlet.listen(("127.0.0.1", 8000)), app)
.. code-block:: text
$ python wsgi.py
(x) wsgi starting up on http://127.0.0.1:8000
Binding Externally
------------------
eventlet should not be run as root because it would cause your
application code to run as root, which is not secure. However, this
means it will not be possible to bind to port 80 or 443. Instead, a
reverse proxy such as :doc:`nginx` or :doc:`apache-httpd` should be used
in front of eventlet.
You can bind to all external IPs on a non-privileged port by using
``0.0.0.0`` in the server arguments shown in the previous section.
Don't do this when using a reverse proxy setup, otherwise it will be
possible to bypass the proxy.
``0.0.0.0`` is not a valid address to navigate to, you'd use a specific
IP address in your browser.
__ https://eventlet.readthedocs.io

14
docs/deploying/gevent.rst
View file

@ -7,15 +7,12 @@ configurable and production-tested servers.
`gevent`_ allows writing asynchronous, coroutine-based code that looks
like standard synchronous Python. It uses `greenlet`_ to enable task
switching without writing ``async/await`` or using ``asyncio``.
:doc:`eventlet` is another library that does the same thing. Certain
dependencies you have, or other considerations, may affect which of the
two you choose to use.
switching without writing ``async/await`` or using ``asyncio``. This is
not the same as Python's ``async/await``, or the ASGI server spec.
gevent provides a WSGI server that can handle many connections at once
instead of one per worker process. You must actually use gevent in your
own code to see any benefit to using the server.
instead of one per worker process. See :doc:`/gevent` for more
information about enabling it in your application.
.. _gevent: https://www.gevent.org/
.. _greenlet: https://greenlet.readthedocs.io/en/latest/
@ -24,8 +21,7 @@ own code to see any benefit to using the server.
Installing
----------
When using gevent, greenlet>=1.0 is required, otherwise context locals
such as ``request`` will not work as expected. When using PyPy,
When using gevent, greenlet>=1.0 is required. When using PyPy,
PyPy>=7.3.7 is required.
Create a virtualenv, install your application, then install ``gevent``.

36
docs/deploying/gunicorn.rst
View file

@ -8,7 +8,7 @@ multiple worker implementations for performance tuning.
* It does not support Windows (but does run on WSL).
* It is easy to install as it does not require additional dependencies
or compilation.
* It has built-in async worker support using gevent or eventlet.
* It has built-in async worker support using gevent.
This page outlines the basics of running Gunicorn. Be sure to read its
`documentation`_ and use ``gunicorn --help`` to understand what features
@ -93,20 +93,19 @@ otherwise it will be possible to bypass the proxy.
IP address in your browser.
Async with gevent or eventlet
-----------------------------
Async with gevent
-----------------
The default sync worker is appropriate for many use cases. If you need
asynchronous support, Gunicorn provides workers using either `gevent`_
or `eventlet`_. This is not the same as Python's ``async/await``, or the
ASGI server spec. You must actually use gevent/eventlet in your own code
to see any benefit to using the workers.
The default sync worker is appropriate for most use cases. If you need numerous,
long running, concurrent connections, Gunicorn provides an asynchronous worker
using `gevent`_. This is not the same as Python's ``async/await``, or the ASGI
server spec. See :doc:`/gevent` for more information about enabling it in your
application.
When using either gevent or eventlet, greenlet>=1.0 is required,
otherwise context locals such as ``request`` will not work as expected.
When using PyPy, PyPy>=7.3.7 is required.
.. _gevent: https://www.gevent.org/
To use gevent:
When using gevent, greenlet>=1.0 is required. When using PyPy, PyPy>=7.3.7 is
required.
.. code-block:: text
@ -115,16 +114,3 @@ To use gevent:
Listening at: http://127.0.0.1:8000 (x)
Using worker: gevent
Booting worker with pid: x
To use eventlet:
.. code-block:: text
$ gunicorn -k eventlet 'hello:create_app()'
Starting gunicorn 20.1.0
Listening at: http://127.0.0.1:8000 (x)
Using worker: eventlet
Booting worker with pid: x
.. _gevent: https://www.gevent.org/
.. _eventlet: https://eventlet.net/

1
docs/deploying/index.rst
View file

@ -36,7 +36,6 @@ discusses platforms that can manage this for you.
mod_wsgi
uwsgi
gevent
eventlet
asgi
WSGI servers have HTTP servers built-in. However, a dedicated HTTP

20
docs/deploying/uwsgi.rst
View file

@ -119,15 +119,16 @@ IP address in your browser.
Async with gevent
-----------------
The default sync worker is appropriate for many use cases. If you need
asynchronous support, uWSGI provides a `gevent`_ worker. This is not the
same as Python's ``async/await``, or the ASGI server spec. You must
actually use gevent in your own code to see any benefit to using the
worker.
The default sync worker is appropriate for most use cases. If you need numerous,
long running, concurrent connections, uWSGI provides an asynchronous worker
using `gevent`_. This is not the same as Python's ``async/await``, or the ASGI
server spec. See :doc:`/gevent` for more information about enabling it in your
application.
When using gevent, greenlet>=1.0 is required, otherwise context locals
such as ``request`` will not work as expected. When using PyPy,
PyPy>=7.3.7 is required.
.. _gevent: https://www.gevent.org/
When using gevent, greenlet>=1.0 is required. When using PyPy, PyPy>=7.3.7 is
required.
.. code-block:: text
@ -140,6 +141,3 @@ PyPy>=7.3.7 is required.
spawned uWSGI worker 1 (pid: x, cores: 100)
spawned uWSGI http 1 (pid: x)
*** running gevent loop engine [addr:x] ***
.. _gevent: https://www.gevent.org/

23
docs/design.rst
View file

@ -169,19 +169,20 @@ infrastructure, packages with dependencies are no longer an issue and
there are very few reasons against having libraries that depend on others.
Thread Locals
-------------
Context Locals
--------------
Flask uses thread local objects (context local objects in fact, they
support greenlet contexts as well) for request, session and an extra
object you can put your own things on (:data:`~flask.g`). Why is that and
isn't that a bad idea?
Flask uses special context locals and proxies to provide access to the
current app and request data to any code running during a request, CLI command,
etc. Context locals are specific to the worker handling the activity, such as a
thread, process, coroutine, or greenlet.
Yes it is usually not such a bright idea to use thread locals. They cause
troubles for servers that are not based on the concept of threads and make
large applications harder to maintain. However Flask is just not designed
for large applications or asynchronous servers. Flask wants to make it
quick and easy to write a traditional web application.
The context and proxies help solve two development issues: circular imports, and
passing around global data. :data:`.current_app` can be used to access the
application object without needing to import the app object directly, avoiding
circular import issues. :data:`.request`, :data:`.session`, and :data:`.g` can
be imported to access the current data for the request, rather than needing to
pass them as arguments through every single function in your project.
Async/await and ASGI support

23
docs/extensiondev.rst
View file

@ -67,7 +67,7 @@ application instance.
It is important that the app is not stored on the extension, don't do
``self.app = app``. The only time the extension should have direct
access to an app is during ``init_app``, otherwise it should use
:data:`current_app`.
:data:`.current_app`.
This allows the extension to support the application factory pattern,
avoids circular import issues when importing the extension instance
@ -105,7 +105,7 @@ during an extension's ``init_app`` method.
A common pattern is to use :meth:`~Flask.before_request` to initialize
some data or a connection at the beginning of each request, then
:meth:`~Flask.teardown_request` to clean it up at the end. This can be
stored on :data:`g`, discussed more below.
stored on :data:`.g`, discussed more below.
A more lazy approach is to provide a method that initializes and caches
the data or connection. For example, a ``ext.get_db`` method could
@ -179,13 +179,12 @@ name as a prefix, or as a namespace.
g._hello = SimpleNamespace()
g._hello.user_id = 2
The data in ``g`` lasts for an application context. An application
context is active when a request context is, or when a CLI command is
run. If you're storing something that should be closed, use
:meth:`~flask.Flask.teardown_appcontext` to ensure that it gets closed
when the application context ends. If it should only be valid during a
request, or would not be used in the CLI outside a request, use
:meth:`~flask.Flask.teardown_request`.
The data in ``g`` lasts for an application context. An application context is
active during a request, CLI command, or ``with app.app_context()`` block. If
you're storing something that should be closed, use
:meth:`~flask.Flask.teardown_appcontext` to ensure that it gets closed when the
app context ends. If it should only be valid during a request, or would not be
used in the CLI outside a request, use :meth:`~flask.Flask.teardown_request`.
Views and Models
@ -294,11 +293,13 @@ ecosystem remain consistent and compatible.
indicate minimum compatibility support. For example,
``sqlalchemy>=1.4``.
9. Indicate the versions of Python supported using ``python_requires=">=version"``.
Flask itself supports Python >=3.9 as of October 2024, and this will update
over time.
Flask and Pallets policy is to support all Python versions that are not
within six months of end of life (EOL). See Python's `EOL calendar`_ for
timing.
.. _PyPI: https://pypi.org/search/?c=Framework+%3A%3A+Flask
.. _Discord Chat: https://discord.gg/pallets
.. _GitHub Discussions: https://github.com/pallets/flask/discussions
.. _Official Pallets Themes: https://pypi.org/project/Pallets-Sphinx-Themes/
.. _Pallets-Eco: https://github.com/pallets-eco
.. _EOL calendar: https://devguide.python.org/versions/

125
docs/gevent.rst Normal file
View file

@ -0,0 +1,125 @@
Async with Gevent
=================
`Gevent`_ patches Python's standard library to run within special async workers
called `greenlets`_. Gevent has existed since long before Python's native
asyncio was available, and Flask has always worked with it.
.. _gevent: https://www.gevent.org
.. _greenlets: https://greenlet.readthedocs.io
Gevent is a reliable way to handle numerous, long lived, concurrent connections,
and to achieve similar capabilities to ASGI and asyncio. This works without
needing to write ``async def`` or ``await`` anywhere, but relies on gevent and
greenlet's low level manipulation of the Python interpreter.
Deciding whether you should use gevent with Flask, or `Quart`_, or something
else, is ultimately up to understanding the specific needs of your project.
.. _quart: https://quart.palletsprojects.com
Enabling gevent
---------------
You need to apply gevent's patching as early as possible in your code. This
enables gevent's underlying event loop and converts many Python internals to run
inside it. Add the following at the top of your project's module or top
``__init__.py``:
.. code-block:: python
import gevent.monkey
gevent.monkey.patch_all()
When deploying in production, use :doc:`/deploying/gunicorn` or
:doc:`/deploying/uwsgi` with a gevent worker, as described on those pages.
To run concurrent tasks within your own code, such as views, use
|gevent.spawn|_:
.. |gevent.spawn| replace:: ``gevent.spawn()``
.. _gevent.spawn: https://www.gevent.org/api/gevent.html#gevent.spawn
.. code-block:: python
@app.post("/send")
def send_email():
gevent.spawn(email.send, to="example@example.example", text="example")
return "Email is being sent."
If you need to access :data:`request` or other Flask context globals within the
spawned function, decorate the function with :func:`.stream_with_context` or
:func:`.copy_current_request_context`. Prefer passing the exact data you need
when spawning the function, rather than using the decorators.
.. note::
When using gevent, greenlet>=1.0 is required. When using PyPy, PyPy>=7.3.7
is required.
.. _gevent-asyncio:
Combining with ``async``/``await``
----------------------------------
Gevent's patching does not interact well with Flask's built-in asyncio support.
If you want to use Gevent and asyncio in the same app, you'll need to override
:meth:`flask.Flask.async_to_sync` to run async functions inside gevent.
.. code-block:: python
import gevent.monkey
gevent.monkey.patch_all()
import asyncio
from flask import Flask, request
loop = asyncio.EventLoop()
gevent.spawn(loop.run_forever)
class GeventFlask(Flask):
def async_to_sync(self, func):
def run(*args, **kwargs):
coro = func(*args, **kwargs)
future = asyncio.run_coroutine_threadsafe(coro, loop)
return future.result()
return run
app = GeventFlask(__name__)
@app.get("/")
async def greet():
await asyncio.sleep(1)
return f"Hello, {request.args.get("name", "World")}!"
This starts an asyncio event loop in a gevent worker. Async functions are
scheduled on that event loop. This may still have limitations, and may need to
be modified further when using other asyncio implementations.
libuv
~~~~~
`libuv`_ is another event loop implementation that `gevent supports`_. There's
also a project called `uvloop`_ that enables libuv in asyncio. If you want to
use libuv, use gevent's support, not uvloop. It may be possible to further
modify the ``async_to_sync`` code from the previous section to work with uvloop,
but that's not currently known.
.. _libuv: https://libuv.org/
.. _gevent supports: https://www.gevent.org/loop_impls.html
.. _uvloop: https://uvloop.readthedocs.io/
To enable gevent's libuv support, add the following at the *very* top of your
code, before ``gevent.monkey.patch_all()``:
.. code-block:: python
import gevent
gevent.config.loop = "libuv"
import gevent.monkey
gevent.monkey.patch_all()

2
docs/index.rst
View file

@ -52,7 +52,6 @@ community-maintained extensions to add even more functionality.
views
lifecycle
appcontext
reqcontext
blueprints
extensions
cli
@ -61,6 +60,7 @@ community-maintained extensions to add even more functionality.
patterns/index
web-security
deploying/index
gevent
async-await

7
docs/installation.rst
View file

@ -5,7 +5,7 @@ Installation
Python Version
--------------
We recommend using the latest version of Python. Flask supports Python 3.9 and newer.
We recommend using the latest version of Python. Flask supports Python 3.10 and newer.
Dependencies
@ -51,9 +51,8 @@ use them if you install them.
greenlet
~~~~~~~~
You may choose to use gevent or eventlet with your application. In this
case, greenlet>=1.0 is required. When using PyPy, PyPy>=7.3.7 is
required.
You may choose to use :doc:`/gevent` with your application. In this case,
greenlet>=1.0 is required. When using PyPy, PyPy>=7.3.7 is required.
These are not minimum supported versions, they only indicate the first
versions that added necessary features. You should use the latest

29
docs/lifecycle.rst
View file

@ -117,15 +117,12 @@ the view function, and pass the return value back to the server. But there are m
parts that you can use to customize its behavior.
#. WSGI server calls the Flask object, which calls :meth:`.Flask.wsgi_app`.
#. A :class:`.RequestContext` object is created. This converts the WSGI ``environ``
dict into a :class:`.Request` object. It also creates an :class:`AppContext` object.
#. The :doc:`app context <appcontext>` is pushed, which makes :data:`.current_app` and
:data:`.g` available.
#. An :class:`.AppContext` object is created. This converts the WSGI ``environ``
dict into a :class:`.Request` object.
#. The :doc:`app context <appcontext>` is pushed, which makes
:data:`.current_app`, :data:`.g`, :data:`.request`, and :data:`.session`
available.
#. The :data:`.appcontext_pushed` signal is sent.
#. The :doc:`request context <reqcontext>` is pushed, which makes :attr:`.request` and
:class:`.session` available.
#. The session is opened, loading any existing session data using the app's
:attr:`~.Flask.session_interface`, an instance of :class:`.SessionInterface`.
#. The URL is matched against the URL rules registered with the :meth:`~.Flask.route`
decorator during application setup. If there is no match, the error - usually a 404,
405, or redirect - is stored to be handled later.
@ -141,7 +138,8 @@ parts that you can use to customize its behavior.
called to handle the error and return a response.
#. Whatever returned a response value - a before request function, the view, or an
error handler, that value is converted to a :class:`.Response` object.
#. Any :func:`~.after_this_request` decorated functions are called, then cleared.
#. Any :func:`~.after_this_request` decorated functions are called, which can modify
the response object. They are then cleared.
#. Any :meth:`~.Flask.after_request` decorated functions are called, which can modify
the response object.
#. The session is saved, persisting any modified session data using the app's
@ -154,14 +152,19 @@ parts that you can use to customize its behavior.
#. The response object's status, headers, and body are returned to the WSGI server.
#. Any :meth:`~.Flask.teardown_request` decorated functions are called.
#. The :data:`.request_tearing_down` signal is sent.
#. The request context is popped, :attr:`.request` and :class:`.session` are no longer
available.
#. Any :meth:`~.Flask.teardown_appcontext` decorated functions are called.
#. The :data:`.appcontext_tearing_down` signal is sent.
#. The app context is popped, :data:`.current_app` and :data:`.g` are no longer
available.
#. The app context is popped, :data:`.current_app`, :data:`.g`, :data:`.request`,
and :data:`.session` are no longer available.
#. The :data:`.appcontext_popped` signal is sent.
When executing a CLI command or plain app context without request data, the same
order of steps is followed, omitting the steps that refer to the request.
A :class:`Blueprint` can add handlers for these events that are specific to the
blueprint. The handlers for a blueprint will run if the blueprint
owns the route that matches the request.
There are even more decorators and customization points than this, but that aren't part
of every request lifecycle. They're more specific to certain things you might use during
a request, such as templates, building URLs, or handling JSON data. See the rest of this

8
docs/patterns/javascript.rst
View file

@ -136,7 +136,8 @@ In general, prefer sending request data as form data, as would be used
when submitting an HTML form. JSON can represent more complex data, but
unless you need that it's better to stick with the simpler format. When
sending JSON data, the ``Content-Type: application/json`` header must be
sent as well, otherwise Flask will return a 400 error.
sent as well, otherwise Flask will return a 415 Unsupported Media Type
error.
.. code-block:: javascript
@ -244,8 +245,9 @@ Receiving JSON in Views
Use the :attr:`~flask.Request.json` property of the
:data:`~flask.request` object to decode the request's body as JSON. If
the body is not valid JSON, or the ``Content-Type`` header is not set to
``application/json``, a 400 Bad Request error will be raised.
the body is not valid JSON, a 400 Bad Request error will be raised. If
the ``Content-Type`` header is not set to ``application/json``, a 415
Unsupported Media Type error will be raised.
.. code-block:: python

3
docs/patterns/mongoengine.rst
View file

@ -10,8 +10,7 @@ A running MongoDB server and `Flask-MongoEngine`_ are required. ::
pip install flask-mongoengine
.. _MongoEngine: http://mongoengine.org
.. _Flask-MongoEngine: https://flask-mongoengine.readthedocs.io
.. _Flask-MongoEngine: https://docs.mongoengine.org/projects/flask-mongoengine/en/latest/
Configuration
-------------

5
docs/patterns/sqlalchemy.rst
View file

@ -131,9 +131,8 @@ Here is an example :file:`database.py` module for your application::
def init_db():
metadata.create_all(bind=engine)
As in the declarative approach, you need to close the session after
each request or application context shutdown. Put this into your
application module::
As in the declarative approach, you need to close the session after each app
context. Put this into your application module::
from yourapplication.database import db_session

6
docs/patterns/sqlite3.rst
View file

@ -1,9 +1,9 @@
Using SQLite 3 with Flask
=========================
In Flask you can easily implement the opening of database connections on
demand and closing them when the context dies (usually at the end of the
request).
You can implement a few functions to work with a SQLite connection during a
request context. The connection is created the first time it's accessed,
reused on subsequent access, until it is closed when the request context ends.
Here is a simple example of how you can use SQLite 3 with Flask::

25
docs/patterns/streaming.rst
View file

@ -8,6 +8,21 @@ roundtrip to the filesystem?
The answer is by using generators and direct responses.
HTTP Response Behavior
----------------------
**Headers cannot be changed after the streaming response starts.**
When using streaming, it's important to be aware of the order than an HTTP
response is sent. All headers must be sent first, then the body. More headers
cannot be sent after the body has begun. Therefore, you must make sure all
headers are set before starting the response, outside the generator.
In particular, if the generator will access ``session``, be sure to do so in the
view as well so that the ``Vary: cookie`` header will be set. Do not modify the
session in the generator, as the ``Set-Cookie`` header will already be sent.
Basic Usage
-----------
@ -49,13 +64,13 @@ the template.
Streaming with Context
----------------------
The :data:`~flask.request` will not be active while the generator is
running, because the view has already returned at that point. If you try
to access ``request``, you'll get a ``RuntimeError``.
The :data:`.request` proxy will not be active while the generator is
running, because the app has already returned control to the WSGI server at that
point. If you try to access ``request``, you'll get a ``RuntimeError``.
If your generator function relies on data in ``request``, use the
:func:`~flask.stream_with_context` wrapper. This will keep the request
context active during the generator.
:func:`.stream_with_context` wrapper. This will keep the request context active
during the generator.
.. code-block:: python

123
docs/quickstart.rst
View file

@ -258,7 +258,7 @@ Why would you want to build URLs using the URL reversing function
For example, here we use the :meth:`~flask.Flask.test_request_context` method
to try out :func:`~flask.url_for`. :meth:`~flask.Flask.test_request_context`
tells Flask to behave as though it's handling a request even while we use a
Python shell. See :ref:`context-locals`.
Python shell. See :doc:`/appcontext`.
.. code-block:: python
@ -449,105 +449,58 @@ Here is a basic introduction to how the :class:`~markupsafe.Markup` class works:
Accessing Request Data
----------------------
For web applications it's crucial to react to the data a client sends to
the server. In Flask this information is provided by the global
:class:`~flask.request` object. If you have some experience with Python
you might be wondering how that object can be global and how Flask
manages to still be threadsafe. The answer is context locals:
For web applications it's crucial to react to the data a client sends to the
server. In Flask this information is provided by the global :data:`.request`
object, which is an instance of :class:`.Request`. This object has many
attributes and methods to work with the incoming request data, but here is a
broad overview. First it needs to be imported.
.. _context-locals:
Context Locals
``````````````
.. admonition:: Insider Information
If you want to understand how that works and how you can implement
tests with context locals, read this section, otherwise just skip it.
Certain objects in Flask are global objects, but not of the usual kind.
These objects are actually proxies to objects that are local to a specific
context. What a mouthful. But that is actually quite easy to understand.
Imagine the context being the handling thread. A request comes in and the
web server decides to spawn a new thread (or something else, the
underlying object is capable of dealing with concurrency systems other
than threads). When Flask starts its internal request handling it
figures out that the current thread is the active context and binds the
current application and the WSGI environments to that context (thread).
It does that in an intelligent way so that one application can invoke another
application without breaking.
So what does this mean to you? Basically you can completely ignore that
this is the case unless you are doing something like unit testing. You
will notice that code which depends on a request object will suddenly break
because there is no request object. The solution is creating a request
object yourself and binding it to the context. The easiest solution for
unit testing is to use the :meth:`~flask.Flask.test_request_context`
context manager. In combination with the ``with`` statement it will bind a
test request so that you can interact with it. Here is an example::
.. code-block:: python
from flask import request
with app.test_request_context('/hello', method='POST'):
# now you can do something with the request until the
# end of the with block, such as basic assertions:
assert request.path == '/hello'
assert request.method == 'POST'
If you have some experience with Python you might be wondering how that object
can be global when Flask handles multiple requests at a time. The answer is
that :data:`.request` is actually a proxy, pointing at whatever request is
currently being handled by a given worker, which is managed internally by Flask
and Python. See :doc:`/appcontext` for much more information.
The other possibility is passing a whole WSGI environment to the
:meth:`~flask.Flask.request_context` method::
The current request method is available in the :attr:`~.Request.method`
attribute. To access form data (data transmitted in a ``POST`` or ``PUT``
request), use the :attr:`~flask.Request.form` attribute, which behaves like a
dict.
with app.request_context(environ):
assert request.method == 'POST'
.. code-block:: python
The Request Object
``````````````````
The request object is documented in the API section and we will not cover
it here in detail (see :class:`~flask.Request`). Here is a broad overview of
some of the most common operations. First of all you have to import it from
the ``flask`` module::
from flask import request
The current request method is available by using the
:attr:`~flask.Request.method` attribute. To access form data (data
transmitted in a ``POST`` or ``PUT`` request) you can use the
:attr:`~flask.Request.form` attribute. Here is a full example of the two
attributes mentioned above::
@app.route('/login', methods=['POST', 'GET'])
@app.route("/login", methods=["GET", "POST"])
def login():
error = None
if request.method == 'POST':
if valid_login(request.form['username'],
request.form['password']):
return log_the_user_in(request.form['username'])
if request.method == "POST":
if valid_login(request.form["username"], request.form["password"]):
return store_login(request.form["username"])
else:
error = 'Invalid username/password'
# the code below is executed if the request method
# was GET or the credentials were invalid
return render_template('login.html', error=error)
error = "Invalid username or password"
What happens if the key does not exist in the ``form`` attribute? In that
case a special :exc:`KeyError` is raised. You can catch it like a
standard :exc:`KeyError` but if you don't do that, a HTTP 400 Bad Request
error page is shown instead. So for many situations you don't have to
deal with that problem.
# Executed if the request method was GET or the credentials were invalid.
return render_template("login.html", error=error)
To access parameters submitted in the URL (``?key=value``) you can use the
:attr:`~flask.Request.args` attribute::
If the key does not exist in ``form``, a special :exc:`KeyError` is raised. You
can catch it like a normal ``KeyError``, otherwise it will return a HTTP 400
Bad Request error page. You can also use the
:meth:`~werkzeug.datastructures.MultiDict.get` method to get a default
instead of an error.
To access parameters submitted in the URL (``?key=value``), use the
:attr:`~.Request.args` attribute. Key errors behave the same as ``form``,
returning a 400 response if not caught.
.. code-block:: python
searchword = request.args.get('key', '')
We recommend accessing URL parameters with `get` or by catching the
:exc:`KeyError` because users might change the URL and presenting them a 400
bad request page in that case is not user friendly.
For a full list of methods and attributes of the request object, head over
to the :class:`~flask.Request` documentation.
For a full list of methods and attributes of the request object, see the
:class:`~.Request` documentation.
File Uploads

241
docs/reqcontext.rst
View file

@ -1,243 +1,6 @@
.. currentmodule:: flask
:orphan:
The Request Context
===================
The request context keeps track of the request-level data during a
request. Rather than passing the request object to each function that
runs during a request, the :data:`request` and :data:`session` proxies
are accessed instead.
This is similar to :doc:`/appcontext`, which keeps track of the
application-level data independent of a request. A corresponding
application context is pushed when a request context is pushed.
Purpose of the Context
----------------------
When the :class:`Flask` application handles a request, it creates a
:class:`Request` object based on the environment it received from the
WSGI server. Because a *worker* (thread, process, or coroutine depending
on the server) handles only one request at a time, the request data can
be considered global to that worker during that request. Flask uses the
term *context local* for this.
Flask automatically *pushes* a request context when handling a request.
View functions, error handlers, and other functions that run during a
request will have access to the :data:`request` proxy, which points to
the request object for the current request.
Lifetime of the Context
-----------------------
When a Flask application begins handling a request, it pushes a request
context, which also pushes an :doc:`app context </appcontext>`. When the
request ends it pops the request context then the application context.
The context is unique to each thread (or other worker type).
:data:`request` cannot be passed to another thread, the other thread has
a different context space and will not know about the request the parent
thread was pointing to.
Context locals are implemented using Python's :mod:`contextvars` and
Werkzeug's :class:`~werkzeug.local.LocalProxy`. Python manages the
lifetime of context vars automatically, and local proxy wraps that
low-level interface to make the data easier to work with.
Manually Push a Context
-----------------------
If you try to access :data:`request`, or anything that uses it, outside
a request context, you'll get this error message:
.. code-block:: pytb
RuntimeError: Working outside of request context.
This typically means that you attempted to use functionality that
needed an active HTTP request. Consult the documentation on testing
for information about how to avoid this problem.
This should typically only happen when testing code that expects an
active request. One option is to use the
:meth:`test client <Flask.test_client>` to simulate a full request. Or
you can use :meth:`~Flask.test_request_context` in a ``with`` block, and
everything that runs in the block will have access to :data:`request`,
populated with your test data. ::
def generate_report(year):
format = request.args.get("format")
...
with app.test_request_context(
"/make_report/2017", query_string={"format": "short"}
):
generate_report()
If you see that error somewhere else in your code not related to
testing, it most likely indicates that you should move that code into a
view function.
For information on how to use the request context from the interactive
Python shell, see :doc:`/shell`.
How the Context Works
---------------------
The :meth:`Flask.wsgi_app` method is called to handle each request. It
manages the contexts during the request. Internally, the request and
application contexts work like stacks. When contexts are pushed, the
proxies that depend on them are available and point at information from
the top item.
When the request starts, a :class:`~ctx.RequestContext` is created and
pushed, which creates and pushes an :class:`~ctx.AppContext` first if
a context for that application is not already the top context. While
these contexts are pushed, the :data:`current_app`, :data:`g`,
:data:`request`, and :data:`session` proxies are available to the
original thread handling the request.
Other contexts may be pushed to change the proxies during a request.
While this is not a common pattern, it can be used in advanced
applications to, for example, do internal redirects or chain different
applications together.
After the request is dispatched and a response is generated and sent,
the request context is popped, which then pops the application context.
Immediately before they are popped, the :meth:`~Flask.teardown_request`
and :meth:`~Flask.teardown_appcontext` functions are executed. These
execute even if an unhandled exception occurred during dispatch.
.. _callbacks-and-errors:
Callbacks and Errors
--------------------
Flask dispatches a request in multiple stages which can affect the
request, response, and how errors are handled. The contexts are active
during all of these stages.
A :class:`Blueprint` can add handlers for these events that are specific
to the blueprint. The handlers for a blueprint will run if the blueprint
owns the route that matches the request.
#. Before each request, :meth:`~Flask.before_request` functions are
called. If one of these functions return a value, the other
functions are skipped. The return value is treated as the response
and the view function is not called.
#. If the :meth:`~Flask.before_request` functions did not return a
response, the view function for the matched route is called and
returns a response.
#. The return value of the view is converted into an actual response
object and passed to the :meth:`~Flask.after_request`
functions. Each function returns a modified or new response object.
#. After the response is returned, the contexts are popped, which calls
the :meth:`~Flask.teardown_request` and
:meth:`~Flask.teardown_appcontext` functions. These functions are
called even if an unhandled exception was raised at any point above.
If an exception is raised before the teardown functions, Flask tries to
match it with an :meth:`~Flask.errorhandler` function to handle the
exception and return a response. If no error handler is found, or the
handler itself raises an exception, Flask returns a generic
``500 Internal Server Error`` response. The teardown functions are still
called, and are passed the exception object.
If debug mode is enabled, unhandled exceptions are not converted to a
``500`` response and instead are propagated to the WSGI server. This
allows the development server to present the interactive debugger with
the traceback.
Teardown Callbacks
~~~~~~~~~~~~~~~~~~
The teardown callbacks are independent of the request dispatch, and are
instead called by the contexts when they are popped. The functions are
called even if there is an unhandled exception during dispatch, and for
manually pushed contexts. This means there is no guarantee that any
other parts of the request dispatch have run first. Be sure to write
these functions in a way that does not depend on other callbacks and
will not fail.
During testing, it can be useful to defer popping the contexts after the
request ends, so that their data can be accessed in the test function.
Use the :meth:`~Flask.test_client` as a ``with`` block to preserve the
contexts until the ``with`` block exits.
.. code-block:: python
from flask import Flask, request
app = Flask(__name__)
@app.route('/')
def hello():
print('during view')
return 'Hello, World!'
@app.teardown_request
def show_teardown(exception):
print('after with block')
with app.test_request_context():
print('during with block')
# teardown functions are called after the context with block exits
with app.test_client() as client:
client.get('/')
# the contexts are not popped even though the request ended
print(request.path)
# the contexts are popped and teardown functions are called after
# the client with block exits
Signals
~~~~~~~
The following signals are sent:
#. :data:`request_started` is sent before the :meth:`~Flask.before_request` functions
are called.
#. :data:`request_finished` is sent after the :meth:`~Flask.after_request` functions
are called.
#. :data:`got_request_exception` is sent when an exception begins to be handled, but
before an :meth:`~Flask.errorhandler` is looked up or called.
#. :data:`request_tearing_down` is sent after the :meth:`~Flask.teardown_request`
functions are called.
.. _notes-on-proxies:
Notes On Proxies
----------------
Some of the objects provided by Flask are proxies to other objects. The
proxies are accessed in the same way for each worker thread, but
point to the unique object bound to each worker behind the scenes as
described on this page.
Most of the time you don't have to care about that, but there are some
exceptions where it is good to know that this object is actually a proxy:
- The proxy objects cannot fake their type as the actual object types.
If you want to perform instance checks, you have to do that on the
object being proxied.
- The reference to the proxied object is needed in some situations,
such as sending :doc:`signals` or passing data to a background
thread.
If you need to access the underlying object that is proxied, use the
:meth:`~werkzeug.local.LocalProxy._get_current_object` method::
app = current_app._get_current_object()
my_signal.send(app)
Obsolete, see :doc:`/appcontext` instead.

51
docs/shell.rst
View file

@ -1,56 +1,37 @@
Working with the Shell
======================
.. versionadded:: 0.3
One of the reasons everybody loves Python is the interactive shell. It allows
you to play around with code in real time and immediately get results back.
Flask provides the ``flask shell`` CLI command to start an interactive Python
shell with some setup done to make working with the Flask app easier.
One of the reasons everybody loves Python is the interactive shell. It
basically allows you to execute Python commands in real time and
immediately get results back. Flask itself does not come with an
interactive shell, because it does not require any specific setup upfront,
just import your application and start playing around.
.. code-block:: text
There are however some handy helpers to make playing around in the shell a
more pleasant experience. The main issue with interactive console
sessions is that you're not triggering a request like a browser does which
means that :data:`~flask.g`, :data:`~flask.request` and others are not
available. But the code you want to test might depend on them, so what
can you do?
This is where some helper functions come in handy. Keep in mind however
that these functions are not only there for interactive shell usage, but
also for unit testing and other situations that require a faked request
context.
Generally it's recommended that you read :doc:`reqcontext` first.
Command Line Interface
----------------------
Starting with Flask 0.11 the recommended way to work with the shell is the
``flask shell`` command which does a lot of this automatically for you.
For instance the shell is automatically initialized with a loaded
application context.
For more information see :doc:`/cli`.
$ flask shell
Creating a Request Context
--------------------------
``flask shell`` pushes an app context automatically, so :data:`.current_app` and
:data:`.g` are already available. However, there is no HTTP request being
handled in the shell, so :data:`.request` and :data:`.session` are not yet
available.
The easiest way to create a proper request context from the shell is by
using the :attr:`~flask.Flask.test_request_context` method which creates
us a :class:`~flask.ctx.RequestContext`:
>>> ctx = app.test_request_context()
Normally you would use the ``with`` statement to make this request object
active, but in the shell it's easier to use the
:meth:`~flask.ctx.RequestContext.push` and
:meth:`~flask.ctx.RequestContext.pop` methods by hand:
Normally you would use the ``with`` statement to make this context active, but
in the shell it's easier to call :meth:`~.RequestContext.push` and
:meth:`~.RequestContext.pop` manually:
>>> ctx.push()
From that point onwards you can work with the request object until you
call `pop`:
From that point onwards you can work with the request object until you call
``pop``:
>>> ctx.pop()

9
docs/signals.rst
View file

@ -144,11 +144,10 @@ function, you can pass ``current_app._get_current_object()`` as sender.
Signals and Flask's Request Context
-----------------------------------
Signals fully support :doc:`reqcontext` when receiving signals.
Context-local variables are consistently available between
:data:`~flask.request_started` and :data:`~flask.request_finished`, so you can
rely on :class:`flask.g` and others as needed. Note the limitations described
in :ref:`signals-sending` and the :data:`~flask.request_tearing_down` signal.
Context-local proxies are available between :data:`~flask.request_started` and
:data:`~flask.request_finished`, so you can rely on :class:`flask.g` and others
as needed. Note the limitations described in :ref:`signals-sending` and the
:data:`~flask.request_tearing_down` signal.
Decorator Based Signal Subscriptions

72
docs/templating.rst
View file

@ -137,32 +137,58 @@ using in this block.
.. _registering-filters:
Registering Filters
-------------------
Registering Filters, Tests, and Globals
---------------------------------------
If you want to register your own filters in Jinja you have two ways to do
that. You can either put them by hand into the
:attr:`~flask.Flask.jinja_env` of the application or use the
:meth:`~flask.Flask.template_filter` decorator.
The Flask app and blueprints provide decorators and methods to register your own
filters, tests, and global functions for use in Jinja templates. They all follow
the same pattern, so the following examples only discuss filters.
The two following examples work the same and both reverse an object::
Decorate a function with :meth:`~.Flask.template_filter` to register it as a
template filter.
@app.template_filter('reverse')
def reverse_filter(s):
return s[::-1]
.. code-block:: python
def reverse_filter(s):
return s[::-1]
app.jinja_env.filters['reverse'] = reverse_filter
@app.template_filter
def reverse(s):
return reversed(s)
In case of the decorator the argument is optional if you want to use the
function name as name of the filter. Once registered, you can use the filter
in your templates in the same way as Jinja's builtin filters, for example if
you have a Python list in context called `mylist`::
.. code-block:: jinja
{% for x in mylist | reverse %}
{% for item in data | reverse %}
{% endfor %}
By default it will use the name of the function as the name of the filter, but
that can be changed by passing a name to the decorator.
.. code-block:: python
@app.template_filter("reverse")
def reverse_filter(s):
return reversed(s)
A filter can be registered separately using :meth:`~.Flask.add_template_filter`.
The name is optional and will use the function name if not given.
.. code-block:: python
def reverse_filter(s):
return reversed(s)
app.add_template_filter(reverse_filter, "reverse")
For template tests, use the :meth:`~.Flask.template_test` decorator or
:meth:`~.Flask.add_template_test` method. For template global functions, use the
:meth:`~.Flask.template_global` decorator or :meth:`~.Flask.add_template_global`
method.
The same methods also exist on :class:`.Blueprint`, prefixed with ``app_`` to
indicate that the registered functions will be available to all templates, not
only when rendering from within the blueprint.
The Jinja environment is also available as :attr:`~.Flask.jinja_env`. It may be
modified directly, as you would when using Jinja outside Flask.
Context Processors
------------------
@ -225,5 +251,11 @@ functions to make this easier to use.
return stream_template("timeline.html")
These functions automatically apply the
:func:`~flask.stream_with_context` wrapper if a request is active, so
that it remains available in the template.
:func:`~flask.stream_with_context` wrapper if a request is active, so that
:data:`.request`, :data:`.session`, and :data:`.g` remain available in the
template.
More headers cannot be sent after the body has begun. Therefore, you must
make sure all headers are set before starting the response. In particular,
if the template will access ``session``, be sure to do so in the view as
well so that the ``Vary: cookie`` header will be set.

9
docs/testing.rst
View file

@ -275,11 +275,10 @@ command from the command line.
Tests that depend on an Active Context
--------------------------------------
You may have functions that are called from views or commands, that
expect an active :doc:`application context </appcontext>` or
:doc:`request context </reqcontext>` because they access ``request``,
``session``, or ``current_app``. Rather than testing them by making a
request or invoking the command, you can create and activate a context
You may have functions that are called from views or commands, that expect an
active :doc:`app context </appcontext>` because they access :data:`.request`,
:data:`.session`, :data:`.g`, or :data:`.current_app`. Rather than testing them by
making a request or invoking the command, you can create and activate a context
directly.
Use ``with app.app_context()`` to push an application context. For

2
docs/tutorial/blog.rst
View file

@ -305,7 +305,7 @@ The pattern ``{{ request.form['title'] or post['title'] }}`` is used to
choose what data appears in the form. When the form hasn't been
submitted, the original ``post`` data appears, but if invalid form data
was posted you want to display that so the user can fix the error, so
``request.form`` is used instead. :data:`request` is another variable
``request.form`` is used instead. :data:`.request` is another variable
that's automatically available in templates.

6
docs/tutorial/database.rst
View file

@ -60,17 +60,17 @@ response is sent.
if db is not None:
db.close()
:data:`g` is a special object that is unique for each request. It is
:data:`.g` is a special object that is unique for each request. It is
used to store data that might be accessed by multiple functions during
the request. The connection is stored and reused instead of creating a
new connection if ``get_db`` is called a second time in the same
request.
:data:`current_app` is another special object that points to the Flask
:data:`.current_app` is another special object that points to the Flask
application handling the request. Since you used an application factory,
there is no application object when writing the rest of your code.
``get_db`` will be called when the application has been created and is
handling a request, so :data:`current_app` can be used.
handling a request, so :data:`.current_app` can be used.
:func:`sqlite3.connect` establishes a connection to the file pointed at
by the ``DATABASE`` configuration key. This file doesn't have to exist

5
docs/tutorial/factory.rst
View file

@ -56,10 +56,7 @@ directory should be treated as a package.
app.config.from_mapping(test_config)
# ensure the instance folder exists
try:
os.makedirs(app.instance_path)
except OSError:
pass
os.makedirs(app.instance_path, exist_ok=True)
# a simple page that says hello
@app.route('/hello')

7
docs/tutorial/layout.rst
View file

@ -81,8 +81,7 @@ By the end, your project layout will look like this:
│ ├── test_auth.py
│ └── test_blog.py
├── .venv/
├── pyproject.toml
└── MANIFEST.in
└── pyproject.toml
If you're using version control, the following files that are generated
while running your project should be ignored. There may be other files
@ -103,8 +102,4 @@ write. For example, with git:
.coverage
htmlcov/
dist/
build/
*.egg-info/
Continue to :doc:`factory`.

2
docs/tutorial/templates.rst
View file

@ -71,7 +71,7 @@ specific sections.
{% block content %}{% endblock %}
</section>
:data:`g` is automatically available in templates. Based on if
:data:`.g` is automatically available in templates. Based on if
``g.user`` is set (from ``load_logged_in_user``), either the username
and a log out link are displayed, or links to register and log in
are displayed. :func:`url_for` is also automatically available, and is

6
docs/tutorial/tests.rst
View file

@ -311,7 +311,7 @@ input and error messages without writing the same code three times.
The tests for the ``login`` view are very similar to those for
``register``. Rather than testing the data in the database,
:data:`session` should have ``user_id`` set after logging in.
:data:`.session` should have ``user_id`` set after logging in.
.. code-block:: python
:caption: ``tests/test_auth.py``
@ -336,10 +336,10 @@ The tests for the ``login`` view are very similar to those for
assert message in response.data
Using ``client`` in a ``with`` block allows accessing context variables
such as :data:`session` after the response is returned. Normally,
such as :data:`.session` after the response is returned. Normally,
accessing ``session`` outside of a request would raise an error.
Testing ``logout`` is the opposite of ``login``. :data:`session` should
Testing ``logout`` is the opposite of ``login``. :data:`.session` should
not contain ``user_id`` after logging out.
.. code-block:: python

8
docs/tutorial/views.rst
View file

@ -208,13 +208,13 @@ There are a few differences from the ``register`` view:
password in the same way as the stored hash and securely compares
them. If they match, the password is valid.
#. :data:`session` is a :class:`dict` that stores data across requests.
#. :data:`.session` is a :class:`dict` that stores data across requests.
When validation succeeds, the user's ``id`` is stored in a new
session. The data is stored in a *cookie* that is sent to the
browser, and the browser then sends it back with subsequent requests.
Flask securely *signs* the data so that it can't be tampered with.
Now that the user's ``id`` is stored in the :data:`session`, it will be
Now that the user's ``id`` is stored in the :data:`.session`, it will be
available on subsequent requests. At the beginning of each request, if
a user is logged in their information should be loaded and made
available to other views.
@ -236,7 +236,7 @@ available to other views.
:meth:`bp.before_app_request() <Blueprint.before_app_request>` registers
a function that runs before the view function, no matter what URL is
requested. ``load_logged_in_user`` checks if a user id is stored in the
:data:`session` and gets that user's data from the database, storing it
:data:`.session` and gets that user's data from the database, storing it
on :data:`g.user <g>`, which lasts for the length of the request. If
there is no user id, or if the id doesn't exist, ``g.user`` will be
``None``.
@ -245,7 +245,7 @@ there is no user id, or if the id doesn't exist, ``g.user`` will be
Logout
------
To log out, you need to remove the user id from the :data:`session`.
To log out, you need to remove the user id from the :data:`.session`.
Then ``load_logged_in_user`` won't load a user on subsequent requests.
.. code-block:: python

5
examples/tutorial/flaskr/__init__.py
View file

@ -21,10 +21,7 @@ def create_app(test_config=None):
app.config.update(test_config)
# ensure the instance folder exists
try:
os.makedirs(app.instance_path)
except OSError:
pass
os.makedirs(app.instance_path, exist_ok=True)
@app.route("/hello")
def hello():

22
pyproject.toml
View file

@ -1,6 +1,6 @@
[project]
name = "Flask"
version = "3.1.2"
version = "3.2.0.dev"
description = "A simple framework for building complex web applications."
readme = "README.md"
license = "BSD-3-Clause"
@ -19,11 +19,10 @@ classifiers = [
"Topic :: Software Development :: Libraries :: Application Frameworks",
"Typing :: Typed",
]
requires-python = ">=3.9"
requires-python = ">=3.10"
dependencies = [
"blinker>=1.9.0",
"click>=8.1.3",
"importlib-metadata>=3.6.0; python_version < '3.10'",
"itsdangerous>=2.2.0",
"jinja2>=3.1.2",
"markupsafe>=2.1.1",
@ -42,7 +41,7 @@ dev = [
]
docs = [
"pallets-sphinx-themes",
"sphinx",
"sphinx<9",
"sphinx-tabs",
"sphinxcontrib-log-cabinet",
]
@ -58,7 +57,6 @@ pre-commit = [
]
tests = [
"asgiref",
"greenlet ; python_version < '3.11'",
"pytest",
"python-dotenv",
]
@ -84,7 +82,7 @@ Chat = "https://discord.gg/pallets"
flask = "flask.cli:main"
[build-system]
requires = ["flit_core<4"]
requires = ["flit_core>=3.11,<4"]
build-backend = "flit_core.buildapi"
[tool.flit.module]
@ -126,7 +124,7 @@ exclude_also = [
]
[tool.mypy]
python_version = "3.9"
python_version = "3.10"
files = ["src", "tests/type_check"]
show_error_codes = true
pretty = true
@ -142,7 +140,7 @@ module = [
ignore_missing_imports = true
[tool.pyright]
pythonVersion = "3.9"
pythonVersion = "3.10"
include = ["src", "tests/type_check"]
typeCheckingMode = "basic"
@ -166,9 +164,13 @@ select = [
force-single-line = true
order-by-type = false
[tool.codespell]
ignore-words-list = "te"
[tool.tox]
env_list = [
"py3.13", "py3.12", "py3.11", "py3.10", "py3.9",
"py3.14", "py3.14t",
"py3.13", "py3.12", "py3.11", "py3.10",
"pypy3.11",
"tests-min", "tests-dev",
"style",
@ -192,7 +194,7 @@ commands = [[
[tool.tox.env.tests-min]
description = "pytest on minimum dependency versions"
base_python = ["3.13"]
base_python = ["3.14"]
commands = [
[
"uv", "pip", "install",

22
src/flask/__init__.py
View file

@ -1,7 +1,3 @@
from __future__ import annotations
import typing as t
from . import json as json
from .app import Flask as Flask
from .blueprints import Blueprint as Blueprint
@ -41,21 +37,3 @@ from .templating import stream_template as stream_template
from .templating import stream_template_string as stream_template_string
from .wrappers import Request as Request
from .wrappers import Response as Response
if not t.TYPE_CHECKING:
def __getattr__(name: str) -> t.Any:
if name == "__version__":
import importlib.metadata
import warnings
warnings.warn(
"The '__version__' attribute is deprecated and will be removed in"
" Flask 3.2. Use feature detection or"
" 'importlib.metadata.version(\"flask\")' instead.",
DeprecationWarning,
stacklevel=2,
)
return importlib.metadata.version("flask")
raise AttributeError(name)

361
src/flask/app.py
View file

@ -1,11 +1,13 @@
from __future__ import annotations
import collections.abc as cabc
import inspect
import os
import sys
import typing as t
import weakref
from datetime import timedelta
from functools import update_wrapper
from inspect import iscoroutinefunction
from itertools import chain
from types import TracebackType
@ -29,20 +31,17 @@ from werkzeug.wsgi import get_host
from . import cli
from . import typing as ft
from .ctx import AppContext
from .ctx import RequestContext
from .globals import _cv_app
from .globals import _cv_request
from .globals import current_app
from .globals import app_ctx
from .globals import g
from .globals import request
from .globals import request_ctx
from .globals import session
from .helpers import _CollectErrors
from .helpers import get_debug_flag
from .helpers import get_flashed_messages
from .helpers import get_load_dotenv
from .helpers import send_from_directory
from .sansio.app import App
from .sansio.scaffold import _sentinel
from .sessions import SecureCookieSessionInterface
from .sessions import SessionInterface
from .signals import appcontext_tearing_down
@ -78,6 +77,35 @@ def _make_timedelta(value: timedelta | int | None) -> timedelta | None:
return timedelta(seconds=value)
F = t.TypeVar("F", bound=t.Callable[..., t.Any])
# Other methods may call the overridden method with the new ctx arg. Remove it
# and call the method with the remaining args.
def remove_ctx(f: F) -> F:
def wrapper(self: Flask, *args: t.Any, **kwargs: t.Any) -> t.Any:
if args and isinstance(args[0], AppContext):
args = args[1:]
return f(self, *args, **kwargs)
return update_wrapper(wrapper, f) # type: ignore[return-value]
# The overridden method may call super().base_method without the new ctx arg.
# Add it to the args for the call.
def add_ctx(f: F) -> F:
def wrapper(self: Flask, *args: t.Any, **kwargs: t.Any) -> t.Any:
if not args:
args = (app_ctx._get_current_object(),)
elif not isinstance(args[0], AppContext):
args = (app_ctx._get_current_object(), *args)
return f(self, *args, **kwargs)
return update_wrapper(wrapper, f) # type: ignore[return-value]
class Flask(App):
"""The flask object implements a WSGI application and acts as the central
object. It is passed the name of the module or package of the
@ -223,6 +251,62 @@ class Flask(App):
#: .. versionadded:: 0.8
session_interface: SessionInterface = SecureCookieSessionInterface()
def __init_subclass__(cls, **kwargs: t.Any) -> None:
import warnings
# These method signatures were updated to take a ctx param. Detect
# overridden methods in subclasses that still have the old signature.
# Show a deprecation warning and wrap to call with correct args.
for method in (
cls.handle_http_exception,
cls.handle_user_exception,
cls.handle_exception,
cls.log_exception,
cls.dispatch_request,
cls.full_dispatch_request,
cls.finalize_request,
cls.make_default_options_response,
cls.preprocess_request,
cls.process_response,
cls.do_teardown_request,
cls.do_teardown_appcontext,
):
base_method = getattr(Flask, method.__name__)
if method is base_method:
# not overridden
continue
# get the second parameter (first is self)
iter_params = iter(inspect.signature(method).parameters.values())
next(iter_params)
param = next(iter_params, None)
# must have second parameter named ctx or annotated AppContext
if param is None or not (
# no annotation, match name
(param.annotation is inspect.Parameter.empty and param.name == "ctx")
or (
# string annotation, access path ends with AppContext
isinstance(param.annotation, str)
and param.annotation.rpartition(".")[2] == "AppContext"
)
or (
# class annotation
inspect.isclass(param.annotation)
and issubclass(param.annotation, AppContext)
)
):
warnings.warn(
f"The '{method.__name__}' method now takes 'ctx: AppContext'"
" as the first parameter. The old signature is deprecated"
" and will not be supported in Flask 4.0.",
DeprecationWarning,
stacklevel=2,
)
setattr(cls, method.__name__, remove_ctx(method))
setattr(Flask, method.__name__, add_ctx(base_method))
def __init__(
self,
import_name: str,
@ -275,7 +359,7 @@ class Flask(App):
f"{self.static_url_path}/<path:filename>",
endpoint="static",
host=static_host,
view_func=lambda **kw: self_ref().send_static_file(**kw), # type: ignore # noqa: B950
view_func=lambda **kw: self_ref().send_static_file(**kw), # type: ignore
)
def get_send_file_max_age(self, filename: str | None) -> int | None:
@ -295,7 +379,7 @@ class Flask(App):
.. versionadded:: 0.9
"""
value = current_app.config["SEND_FILE_MAX_AGE_DEFAULT"]
value = self.config["SEND_FILE_MAX_AGE_DEFAULT"]
if value is None:
return None
@ -503,7 +587,9 @@ class Flask(App):
raise FormDataRoutingRedirect(request)
def update_template_context(self, context: dict[str, t.Any]) -> None:
def update_template_context(
self, ctx: AppContext, context: dict[str, t.Any]
) -> None:
"""Update the template context with some commonly used variables.
This injects request, session, config and g into the template
context as well as everything template context processors want
@ -517,8 +603,8 @@ class Flask(App):
names: t.Iterable[str | None] = (None,)
# A template may be rendered outside a request context.
if request:
names = chain(names, reversed(request.blueprints))
if ctx.has_request:
names = chain(names, reversed(ctx.request.blueprints))
# The values passed to render_template take precedence. Keep a
# copy to re-apply after all context functions.
@ -742,7 +828,7 @@ class Flask(App):
return cls(self, **kwargs) # type: ignore
def handle_http_exception(
self, e: HTTPException
self, ctx: AppContext, e: HTTPException
) -> HTTPException | ft.ResponseReturnValue:
"""Handles an HTTP exception. By default this will invoke the
registered error handlers and fall back to returning the
@ -771,13 +857,13 @@ class Flask(App):
if isinstance(e, RoutingException):
return e
handler = self._find_error_handler(e, request.blueprints)
handler = self._find_error_handler(e, ctx.request.blueprints)
if handler is None:
return e
return self.ensure_sync(handler)(e) # type: ignore[no-any-return]
def handle_user_exception(
self, e: Exception
self, ctx: AppContext, e: Exception
) -> HTTPException | ft.ResponseReturnValue:
"""This method is called whenever an exception occurs that
should be handled. A special case is :class:`~werkzeug
@ -799,16 +885,16 @@ class Flask(App):
e.show_exception = True
if isinstance(e, HTTPException) and not self.trap_http_exception(e):
return self.handle_http_exception(e)
return self.handle_http_exception(ctx, e)
handler = self._find_error_handler(e, request.blueprints)
handler = self._find_error_handler(e, ctx.request.blueprints)
if handler is None:
raise
return self.ensure_sync(handler)(e) # type: ignore[no-any-return]
def handle_exception(self, e: Exception) -> Response:
def handle_exception(self, ctx: AppContext, e: Exception) -> Response:
"""Handle an exception that did not have an error handler
associated with it, or that was raised from an error handler.
This always causes a 500 ``InternalServerError``.
@ -851,19 +937,20 @@ class Flask(App):
raise e
self.log_exception(exc_info)
self.log_exception(ctx, exc_info)
server_error: InternalServerError | ft.ResponseReturnValue
server_error = InternalServerError(original_exception=e)
handler = self._find_error_handler(server_error, request.blueprints)
handler = self._find_error_handler(server_error, ctx.request.blueprints)
if handler is not None:
server_error = self.ensure_sync(handler)(server_error)
return self.finalize_request(server_error, from_error_handler=True)
return self.finalize_request(ctx, server_error, from_error_handler=True)
def log_exception(
self,
exc_info: (tuple[type, BaseException, TracebackType] | tuple[None, None, None]),
ctx: AppContext,
exc_info: tuple[type, BaseException, TracebackType] | tuple[None, None, None],
) -> None:
"""Logs an exception. This is called by :meth:`handle_exception`
if debugging is disabled and right before the handler is called.
@ -873,10 +960,10 @@ class Flask(App):
.. versionadded:: 0.8
"""
self.logger.error(
f"Exception on {request.path} [{request.method}]", exc_info=exc_info
f"Exception on {ctx.request.path} [{ctx.request.method}]", exc_info=exc_info
)
def dispatch_request(self) -> ft.ResponseReturnValue:
def dispatch_request(self, ctx: AppContext) -> ft.ResponseReturnValue:
"""Does the request dispatching. Matches the URL and returns the
return value of the view or error handler. This does not have to
be a response object. In order to convert the return value to a
@ -886,7 +973,8 @@ class Flask(App):
This no longer does the exception handling, this code was
moved to the new :meth:`full_dispatch_request`.
"""
req = request_ctx.request
req = ctx.request
if req.routing_exception is not None:
self.raise_routing_exception(req)
rule: Rule = req.url_rule # type: ignore[assignment]
@ -896,31 +984,43 @@ class Flask(App):
getattr(rule, "provide_automatic_options", False)
and req.method == "OPTIONS"
):
return self.make_default_options_response()
return self.make_default_options_response(ctx)
# otherwise dispatch to the handler for that endpoint
view_args: dict[str, t.Any] = req.view_args # type: ignore[assignment]
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
def full_dispatch_request(self) -> Response:
def full_dispatch_request(self, ctx: AppContext) -> Response:
"""Dispatches the request and on top of that performs request
pre and postprocessing as well as HTTP exception catching and
error handling.
.. versionadded:: 0.7
"""
if not self._got_first_request and self.should_ignore_error is not None:
import warnings
warnings.warn(
"The 'should_ignore_error' method is deprecated and will"
" be removed in Flask 3.3. Handle errors as needed in"
" teardown handlers instead.",
DeprecationWarning,
stacklevel=1,
)
self._got_first_request = True
try:
request_started.send(self, _async_wrapper=self.ensure_sync)
rv = self.preprocess_request()
rv = self.preprocess_request(ctx)
if rv is None:
rv = self.dispatch_request()
rv = self.dispatch_request(ctx)
except Exception as e:
rv = self.handle_user_exception(e)
return self.finalize_request(rv)
rv = self.handle_user_exception(ctx, e)
return self.finalize_request(ctx, rv)
def finalize_request(
self,
ctx: AppContext,
rv: ft.ResponseReturnValue | HTTPException,
from_error_handler: bool = False,
) -> Response:
@ -938,7 +1038,7 @@ class Flask(App):
"""
response = self.make_response(rv)
try:
response = self.process_response(response)
response = self.process_response(ctx, response)
request_finished.send(
self, _async_wrapper=self.ensure_sync, response=response
)
@ -950,15 +1050,14 @@ class Flask(App):
)
return response
def make_default_options_response(self) -> Response:
def make_default_options_response(self, ctx: AppContext) -> Response:
"""This method is called to create the default ``OPTIONS`` response.
This can be changed through subclassing to change the default
behavior of ``OPTIONS`` responses.
.. versionadded:: 0.7
"""
adapter = request_ctx.url_adapter
methods = adapter.allowed_methods() # type: ignore[union-attr]
methods = ctx.url_adapter.allowed_methods() # type: ignore[union-attr]
rv = self.response_class()
rv.allow.update(methods)
return rv
@ -1057,11 +1156,9 @@ class Flask(App):
.. versionadded:: 2.2
Moved from ``flask.url_for``, which calls this method.
"""
req_ctx = _cv_request.get(None)
if req_ctx is not None:
url_adapter = req_ctx.url_adapter
blueprint_name = req_ctx.request.blueprint
if (ctx := _cv_app.get(None)) is not None and ctx.has_request:
url_adapter = ctx.url_adapter
blueprint_name = ctx.request.blueprint
# If the endpoint starts with "." and the request matches a
# blueprint, the endpoint is relative to the blueprint.
@ -1076,13 +1173,11 @@ class Flask(App):
if _external is None:
_external = _scheme is not None
else:
app_ctx = _cv_app.get(None)
# If called by helpers.url_for, an app context is active,
# use its url_adapter. Otherwise, app.url_for was called
# directly, build an adapter.
if app_ctx is not None:
url_adapter = app_ctx.url_adapter
if ctx is not None:
url_adapter = ctx.url_adapter
else:
url_adapter = self.create_url_adapter(None)
@ -1268,7 +1363,7 @@ class Flask(App):
return rv
def preprocess_request(self) -> ft.ResponseReturnValue | None:
def preprocess_request(self, ctx: AppContext) -> ft.ResponseReturnValue | None:
"""Called before the request is dispatched. Calls
:attr:`url_value_preprocessors` registered with the app and the
current blueprint (if any). Then calls :attr:`before_request_funcs`
@ -1278,12 +1373,13 @@ class Flask(App):
value is handled as if it was the return value from the view, and
further request handling is stopped.
"""
names = (None, *reversed(request.blueprints))
req = ctx.request
names = (None, *reversed(req.blueprints))
for name in names:
if name in self.url_value_preprocessors:
for url_func in self.url_value_preprocessors[name]:
url_func(request.endpoint, request.view_args)
url_func(req.endpoint, req.view_args)
for name in names:
if name in self.before_request_funcs:
@ -1295,7 +1391,7 @@ class Flask(App):
return None
def process_response(self, response: Response) -> Response:
def process_response(self, ctx: AppContext, response: Response) -> Response:
"""Can be overridden in order to modify the response object
before it's sent to the WSGI server. By default this will
call all the :meth:`after_request` decorated functions.
@ -1308,92 +1404,90 @@ class Flask(App):
:return: a new response object or the same, has to be an
instance of :attr:`response_class`.
"""
ctx = request_ctx._get_current_object() # type: ignore[attr-defined]
for func in ctx._after_request_functions:
response = self.ensure_sync(func)(response)
for name in chain(request.blueprints, (None,)):
for name in chain(ctx.request.blueprints, (None,)):
if name in self.after_request_funcs:
for func in reversed(self.after_request_funcs[name]):
response = self.ensure_sync(func)(response)
if not self.session_interface.is_null_session(ctx.session):
self.session_interface.save_session(self, ctx.session, response)
if not self.session_interface.is_null_session(ctx._get_session()):
self.session_interface.save_session(self, ctx._get_session(), response)
return response
def do_teardown_request(
self,
exc: BaseException | None = _sentinel, # type: ignore[assignment]
self, ctx: AppContext, exc: BaseException | None = None
) -> None:
"""Called after the request is dispatched and the response is
returned, right before the request context is popped.
"""Called after the request is dispatched and the response is finalized,
right before the request context is popped. Called by
:meth:`.AppContext.pop`.
This calls all functions decorated with
:meth:`teardown_request`, and :meth:`Blueprint.teardown_request`
if a blueprint handled the request. Finally, the
:data:`request_tearing_down` signal is sent.
This calls all functions decorated with :meth:`teardown_request`, and
:meth:`Blueprint.teardown_request` if a blueprint handled the request.
Finally, the :data:`request_tearing_down` signal is sent.
This is called by
:meth:`RequestContext.pop() <flask.ctx.RequestContext.pop>`,
which may be delayed during testing to maintain access to
resources.
:param exc: An unhandled exception raised while dispatching the request.
Passed to each teardown function.
:param exc: An unhandled exception raised while dispatching the
request. Detected from the current exception information if
not passed. Passed to each teardown function.
.. versionchanged:: 3.2
All callbacks are called rather than stopping on the first error.
.. versionchanged:: 0.9
Added the ``exc`` argument.
"""
if exc is _sentinel:
exc = sys.exc_info()[1]
collect_errors = _CollectErrors()
for name in chain(request.blueprints, (None,)):
for name in chain(ctx.request.blueprints, (None,)):
if name in self.teardown_request_funcs:
for func in reversed(self.teardown_request_funcs[name]):
self.ensure_sync(func)(exc)
with collect_errors:
self.ensure_sync(func)(exc)
request_tearing_down.send(self, _async_wrapper=self.ensure_sync, exc=exc)
with collect_errors:
request_tearing_down.send(self, _async_wrapper=self.ensure_sync, exc=exc)
collect_errors.raise_any("Errors during request teardown")
def do_teardown_appcontext(
self,
exc: BaseException | None = _sentinel, # type: ignore[assignment]
self, ctx: AppContext, exc: BaseException | None = None
) -> None:
"""Called right before the application context is popped.
"""Called right before the application context is popped. Called by
:meth:`.AppContext.pop`.
When handling a request, the application context is popped
after the request context. See :meth:`do_teardown_request`.
This calls all functions decorated with :meth:`teardown_appcontext`.
Then the :data:`appcontext_tearing_down` signal is sent.
This calls all functions decorated with
:meth:`teardown_appcontext`. Then the
:data:`appcontext_tearing_down` signal is sent.
:param exc: An unhandled exception raised while the context was active.
Passed to each teardown function.
This is called by
:meth:`AppContext.pop() <flask.ctx.AppContext.pop>`.
.. versionchanged:: 3.2
All callbacks are called rather than stopping on the first error.
.. versionadded:: 0.9
"""
if exc is _sentinel:
exc = sys.exc_info()[1]
collect_errors = _CollectErrors()
for func in reversed(self.teardown_appcontext_funcs):
self.ensure_sync(func)(exc)
with collect_errors:
self.ensure_sync(func)(exc)
appcontext_tearing_down.send(self, _async_wrapper=self.ensure_sync, exc=exc)
with collect_errors:
appcontext_tearing_down.send(self, _async_wrapper=self.ensure_sync, exc=exc)
collect_errors.raise_any("Errors during app teardown")
def app_context(self) -> AppContext:
"""Create an :class:`~flask.ctx.AppContext`. Use as a ``with``
block to push the context, which will make :data:`current_app`
point at this application.
"""Create an :class:`.AppContext`. When the context is pushed,
:data:`.current_app` and :data:`.g` become available.
An application context is automatically pushed by
:meth:`RequestContext.push() <flask.ctx.RequestContext.push>`
when handling a request, and when running a CLI command. Use
this to manually create a context outside of these situations.
A context is automatically pushed when handling each request, and when
running any ``flask`` CLI command. Use this as a ``with`` block to
manually push a context outside of those situations, such as during
setup or testing.
::
.. code-block:: python
with app.app_context():
init_db()
@ -1404,44 +1498,37 @@ class Flask(App):
"""
return AppContext(self)
def request_context(self, environ: WSGIEnvironment) -> RequestContext:
"""Create a :class:`~flask.ctx.RequestContext` representing a
WSGI environment. Use a ``with`` block to push the context,
which will make :data:`request` point at this request.
def request_context(self, environ: WSGIEnvironment) -> AppContext:
"""Create an :class:`.AppContext` with request information representing
the given WSGI environment. A context is automatically pushed when
handling each request. When the context is pushed, :data:`.request`,
:data:`.session`, :data:`g:, and :data:`.current_app` become available.
See :doc:`/reqcontext`.
This method should not be used in your own code. Creating a valid WSGI
environ is not trivial. Use :meth:`test_request_context` to correctly
create a WSGI environ and request context instead.
Typically you should not call this from your own code. A request
context is automatically pushed by the :meth:`wsgi_app` when
handling a request. Use :meth:`test_request_context` to create
an environment and context instead of this method.
See :doc:`/appcontext`.
:param environ: a WSGI environment
:param environ: A WSGI environment.
"""
return RequestContext(self, environ)
return AppContext.from_environ(self, environ)
def test_request_context(self, *args: t.Any, **kwargs: t.Any) -> RequestContext:
"""Create a :class:`~flask.ctx.RequestContext` for a WSGI
environment created from the given values. This is mostly useful
during testing, where you may want to run a function that uses
request data without dispatching a full request.
def test_request_context(self, *args: t.Any, **kwargs: t.Any) -> AppContext:
"""Create an :class:`.AppContext` with request information created from
the given arguments. When the context is pushed, :data:`.request`,
:data:`.session`, :data:`g:, and :data:`.current_app` become available.
See :doc:`/reqcontext`.
This is useful during testing to run a function that uses request data
without dispatching a full request. Use this as a ``with`` block to push
a context.
Use a ``with`` block to push the context, which will make
:data:`request` point at the request for the created
environment. ::
.. code-block:: python
with app.test_request_context(...):
generate_report()
When using the shell, it may be easier to push and pop the
context manually to avoid indentation. ::
ctx = app.test_request_context(...)
ctx.push()
...
ctx.pop()
See :doc:`/appcontext`.
Takes the same arguments as Werkzeug's
:class:`~werkzeug.test.EnvironBuilder`, with some defaults from
@ -1451,20 +1538,18 @@ class Flask(App):
:param path: URL path being requested.
:param base_url: Base URL where the app is being served, which
``path`` is relative to. If not given, built from
:data:`PREFERRED_URL_SCHEME`, ``subdomain``,
:data:`SERVER_NAME`, and :data:`APPLICATION_ROOT`.
:param subdomain: Subdomain name to append to
:data:`SERVER_NAME`.
:data:`PREFERRED_URL_SCHEME`, ``subdomain``, :data:`SERVER_NAME`,
and :data:`APPLICATION_ROOT`.
:param subdomain: Subdomain name to prepend to :data:`SERVER_NAME`.
:param url_scheme: Scheme to use instead of
:data:`PREFERRED_URL_SCHEME`.
:param data: The request body, either as a string or a dict of
form keys and values.
:param data: The request body text or bytes,or a dict of form data.
:param json: If given, this is serialized as JSON and passed as
``data``. Also defaults ``content_type`` to
``application/json``.
:param args: other positional arguments passed to
:param args: Other positional arguments passed to
:class:`~werkzeug.test.EnvironBuilder`.
:param kwargs: other keyword arguments passed to
:param kwargs: Other keyword arguments passed to
:class:`~werkzeug.test.EnvironBuilder`.
"""
from .testing import EnvironBuilder
@ -1472,10 +1557,12 @@ class Flask(App):
builder = EnvironBuilder(self, *args, **kwargs)
try:
return self.request_context(builder.get_environ())
environ = builder.get_environ()
finally:
builder.close()
return self.request_context(environ)
def wsgi_app(
self, environ: WSGIEnvironment, start_response: StartResponse
) -> cabc.Iterable[bytes]:
@ -1496,7 +1583,6 @@ class Flask(App):
Teardown events for the request and app contexts are called
even if an unhandled error occurs. Other events may not be
called depending on when an error occurs during dispatch.
See :ref:`callbacks-and-errors`.
:param environ: A WSGI environment.
:param start_response: A callable accepting a status code,
@ -1508,20 +1594,23 @@ class Flask(App):
try:
try:
ctx.push()
response = self.full_dispatch_request()
response = self.full_dispatch_request(ctx)
except Exception as e:
error = e
response = self.handle_exception(e)
except: # noqa: B001
response = self.handle_exception(ctx, e)
except:
error = sys.exc_info()[1]
raise
return response(environ, start_response)
finally:
if "werkzeug.debug.preserve_context" in environ:
environ["werkzeug.debug.preserve_context"](_cv_app.get())
environ["werkzeug.debug.preserve_context"](_cv_request.get())
environ["werkzeug.debug.preserve_context"](ctx)
if error is not None and self.should_ignore_error(error):
if (
error is not None
and self.should_ignore_error is not None
and self.should_ignore_error(error)
):
error = None
ctx.pop(error)

18
src/flask/cli.py
View file

@ -468,7 +468,7 @@ _app_option = click.Option(
def _set_debug(ctx: click.Context, param: click.Option, value: bool) -> bool | None:
# If the flag isn't provided, it will default to False. Don't use
# that, let debug be set by env in that case.
source = ctx.get_parameter_source(param.name) # type: ignore[arg-type]
source = ctx.get_parameter_source(param.name)
if source is not None and source in (
ParameterSource.DEFAULT,
@ -601,15 +601,7 @@ class FlaskGroup(AppGroup):
if self._loaded_plugin_commands:
return
if sys.version_info >= (3, 10):
from importlib import metadata
else:
# Use a backport on Python < 3.10. We technically have
# importlib.metadata on 3.8+, but the API changed in 3.10,
# so use the backport for consistency.
import importlib_metadata as metadata # pyright: ignore
for ep in metadata.entry_points(group="flask.commands"):
for ep in importlib.metadata.entry_points(group="flask.commands"):
self.add_command(ep.load(), ep.name)
self._loaded_plugin_commands = True
@ -636,7 +628,7 @@ class FlaskGroup(AppGroup):
# Push an app context for the loaded app unless it is already
# active somehow. This makes the context available to parameter
# and command callbacks without needing @with_appcontext.
if not current_app or current_app._get_current_object() is not app: # type: ignore[attr-defined]
if not current_app or current_app._get_current_object() is not app:
ctx.with_resource(app.app_context())
return app.cli.get_command(ctx, name)
@ -785,7 +777,7 @@ def show_server_banner(debug: bool, app_import_path: str | None) -> None:
click.echo(f" * Debug mode: {'on' if debug else 'off'}")
class CertParamType(click.ParamType):
class CertParamType(click.ParamType[t.Any]):
"""Click option type for the ``--cert`` option. Allows either an
existing file, the string ``'adhoc'``, or an import for a
:class:`~ssl.SSLContext` object.
@ -811,7 +803,7 @@ class CertParamType(click.ParamType):
try:
return self.path_type(value, param, ctx)
except click.BadParameter:
value = click.STRING(value, param, ctx).lower()
value = click.STRING(value, param, ctx).lower() # type: ignore[union-attr]
if value == "adhoc":
try:

493
src/flask/ctx.py
View file

@ -1,20 +1,21 @@
from __future__ import annotations
import contextvars
import sys
import typing as t
from functools import update_wrapper
from types import TracebackType
from werkzeug.exceptions import HTTPException
from werkzeug.routing import MapAdapter
from . import typing as ft
from .globals import _cv_app
from .globals import _cv_request
from .helpers import _CollectErrors
from .signals import appcontext_popped
from .signals import appcontext_pushed
if t.TYPE_CHECKING: # pragma: no cover
if t.TYPE_CHECKING:
import typing_extensions as te
from _typeshed.wsgi import WSGIEnvironment
from .app import Flask
@ -31,7 +32,7 @@ class _AppCtxGlobals:
application context.
Creating an app context automatically creates this object, which is
made available as the :data:`g` proxy.
made available as the :data:`.g` proxy.
.. describe:: 'key' in g
@ -117,29 +118,27 @@ class _AppCtxGlobals:
def after_this_request(
f: ft.AfterRequestCallable[t.Any],
) -> ft.AfterRequestCallable[t.Any]:
"""Executes a function after this request. This is useful to modify
response objects. The function is passed the response object and has
to return the same or a new one.
"""Decorate a function to run after the current request. The behavior is the
same as :meth:`.Flask.after_request`, except it only applies to the current
request, rather than every request. Therefore, it must be used within a
request context, rather than during setup.
Example::
.. code-block:: python
@app.route('/')
@app.route("/")
def index():
@after_this_request
def add_header(response):
response.headers['X-Foo'] = 'Parachute'
response.headers["X-Foo"] = "Parachute"
return response
return 'Hello World!'
This is more useful if a function other than the view function wants to
modify a response. For instance think of a decorator that wants to add
some headers without converting the return value into a response object.
return "Hello, World!"
.. versionadded:: 0.9
"""
ctx = _cv_request.get(None)
ctx = _cv_app.get(None)
if ctx is None:
if ctx is None or not ctx.has_request:
raise RuntimeError(
"'after_this_request' can only be used when a request"
" context is active, such as in a view function."
@ -153,13 +152,27 @@ F = t.TypeVar("F", bound=t.Callable[..., t.Any])
def copy_current_request_context(f: F) -> F:
"""A helper function that decorates a function to retain the current
request context. This is useful when working with greenlets. The moment
the function is decorated a copy of the request context is created and
then pushed when the function is called. The current session is also
included in the copied request context.
"""Decorate a function to run inside the current request context. This can
be used when starting a background task, otherwise it will not see the app
and request objects that were active in the parent.
Example::
.. warning::
Due to the following caveats, it is often safer (and simpler) to pass
the data you need when starting the task, rather than using this and
relying on the context objects.
In order to avoid execution switching partially though reading data, either
read the request body (access ``form``, ``json``, ``data``, etc) before
starting the task, or use a lock. This can be an issue when using threading,
but shouldn't be an issue when using greenlet/gevent or asyncio.
If the task will access ``session``, be sure to do so in the parent as well
so that the ``Vary: cookie`` header will be set. Modifying ``session`` in
the task should be avoided, as it may execute after the response cookie has
already been written.
.. code-block:: python
import gevent
from flask import copy_current_request_context
@ -176,59 +189,68 @@ def copy_current_request_context(f: F) -> F:
.. versionadded:: 0.10
"""
ctx = _cv_request.get(None)
# Store the context that was active when the decorator was applied.
original = _cv_app.get(None)
if ctx is None:
if original is None:
raise RuntimeError(
"'copy_current_request_context' can only be used when a"
" request context is active, such as in a view function."
)
ctx = ctx.copy()
def wrapper(*args: t.Any, **kwargs: t.Any) -> t.Any:
with ctx:
# Copy the context before pushing, so each worker acts independently.
with original.copy() as ctx:
return ctx.app.ensure_sync(f)(*args, **kwargs)
return update_wrapper(wrapper, f) # type: ignore[return-value]
def has_request_context() -> bool:
"""If you have code that wants to test if a request context is there or
not this function can be used. For instance, you may want to take advantage
of request information if the request object is available, but fail
silently if it is unavailable.
"""Test if an app context is active and if it has request information.
::
.. code-block:: python
class User(db.Model):
from flask import has_request_context, request
def __init__(self, username, remote_addr=None):
self.username = username
if remote_addr is None and has_request_context():
remote_addr = request.remote_addr
self.remote_addr = remote_addr
if has_request_context():
remote_addr = request.remote_addr
Alternatively you can also just test any of the context bound objects
(such as :class:`request` or :class:`g`) for truthness::
If a request context is active, the :data:`.request` and :data:`.session`
context proxies will available and ``True``, otherwise ``False``. You can
use that to test the data you use, rather than using this function.
class User(db.Model):
.. code-block:: python
def __init__(self, username, remote_addr=None):
self.username = username
if remote_addr is None and request:
remote_addr = request.remote_addr
self.remote_addr = remote_addr
from flask import request
if request:
remote_addr = request.remote_addr
.. versionadded:: 0.7
"""
return _cv_request.get(None) is not None
return (ctx := _cv_app.get(None)) is not None and ctx.has_request
def has_app_context() -> bool:
"""Works like :func:`has_request_context` but for the application
context. You can also just do a boolean check on the
:data:`current_app` object instead.
"""Test if an app context is active. Unlike :func:`has_request_context`
this can be true outside a request, such as in a CLI command.
.. code-block:: python
from flask import has_app_context, g
if has_app_context():
g.cached_data = ...
If an app context is active, the :data:`.g` and :data:`.current_app` context
proxies will available and ``True``, otherwise ``False``. You can use that
to test the data you use, rather than using this function.
from flask import g
if g:
g.cached_data = ...
.. versionadded:: 0.9
"""
@ -236,214 +258,283 @@ def has_app_context() -> bool:
class AppContext:
"""The app context contains application-specific information. An app
context is created and pushed at the beginning of each request if
one is not already active. An app context is also pushed when
running CLI commands.
"""
"""An app context contains information about an app, and about the request
when handling a request. A context is pushed at the beginning of each
request and CLI command, and popped at the end. The context is referred to
as a "request context" if it has request information, and an "app context"
if not.
def __init__(self, app: Flask) -> None:
self.app = app
self.url_adapter = app.create_url_adapter(None)
self.g: _AppCtxGlobals = app.app_ctx_globals_class()
self._cv_tokens: list[contextvars.Token[AppContext]] = []
Do not use this class directly. Use :meth:`.Flask.app_context` to create an
app context if needed during setup, and :meth:`.Flask.test_request_context`
to create a request context if needed during tests.
def push(self) -> None:
"""Binds the app context to the current context."""
self._cv_tokens.append(_cv_app.set(self))
appcontext_pushed.send(self.app, _async_wrapper=self.app.ensure_sync)
When the context is popped, it will evaluate all the teardown functions
registered with :meth:`~flask.Flask.teardown_request` (if handling a
request) then :meth:`.Flask.teardown_appcontext`.
def pop(self, exc: BaseException | None = _sentinel) -> None: # type: ignore
"""Pops the app context."""
try:
if len(self._cv_tokens) == 1:
if exc is _sentinel:
exc = sys.exc_info()[1]
self.app.do_teardown_appcontext(exc)
finally:
ctx = _cv_app.get()
_cv_app.reset(self._cv_tokens.pop())
When using the interactive debugger, the context will be restored so
``request`` is still accessible. Similarly, the test client can preserve the
context after the request ends. However, teardown functions may already have
closed some resources such as database connections, and will run again when
the restored context is popped.
if ctx is not self:
raise AssertionError(
f"Popped wrong app context. ({ctx!r} instead of {self!r})"
)
:param app: The application this context represents.
:param request: The request data this context represents.
:param session: The session data this context represents. If not given,
loaded from the request on first access.
appcontext_popped.send(self.app, _async_wrapper=self.app.ensure_sync)
.. versionchanged:: 3.2
Merged with ``RequestContext``. The ``RequestContext`` alias will be
removed in Flask 4.0.
def __enter__(self) -> AppContext:
self.push()
return self
.. versionchanged:: 3.2
A combined app and request context is pushed for every request and CLI
command, rather than trying to detect if an app context is already
pushed.
def __exit__(
self,
exc_type: type | None,
exc_value: BaseException | None,
tb: TracebackType | None,
) -> None:
self.pop(exc_value)
class RequestContext:
"""The request context contains per-request information. The Flask
app creates and pushes it at the beginning of the request, then pops
it at the end of the request. It will create the URL adapter and
request object for the WSGI environment provided.
Do not attempt to use this class directly, instead use
:meth:`~flask.Flask.test_request_context` and
:meth:`~flask.Flask.request_context` to create this object.
When the request context is popped, it will evaluate all the
functions registered on the application for teardown execution
(:meth:`~flask.Flask.teardown_request`).
The request context is automatically popped at the end of the
request. When using the interactive debugger, the context will be
restored so ``request`` is still accessible. Similarly, the test
client can preserve the context after the request ends. However,
teardown functions may already have closed some resources such as
database connections.
.. versionchanged:: 3.2
The session is loaded the first time it is accessed, rather than when
the context is pushed.
"""
def __init__(
self,
app: Flask,
environ: WSGIEnvironment,
*,
request: Request | None = None,
session: SessionMixin | None = None,
) -> None:
self.app = app
if request is None:
request = app.request_class(environ)
request.json_module = app.json
self.request: Request = request
self.url_adapter = None
try:
self.url_adapter = app.create_url_adapter(self.request)
except HTTPException as e:
self.request.routing_exception = e
self.flashes: list[tuple[str, str]] | None = None
self.session: SessionMixin | None = session
# Functions that should be executed after the request on the response
# object. These will be called before the regular "after_request"
# functions.
"""The application represented by this context. Accessed through
:data:`.current_app`.
"""
self.g: _AppCtxGlobals = app.app_ctx_globals_class()
"""The global data for this context. Accessed through :data:`.g`."""
self.url_adapter: MapAdapter | None = None
"""The URL adapter bound to the request, or the app if not in a request.
May be ``None`` if binding failed.
"""
self._request: Request | None = request
self._session: SessionMixin | None = session
self._flashes: list[tuple[str, str]] | None = None
self._after_request_functions: list[ft.AfterRequestCallable[t.Any]] = []
self._cv_tokens: list[
tuple[contextvars.Token[RequestContext], AppContext | None]
] = []
try:
self.url_adapter = app.create_url_adapter(self._request)
except HTTPException as e:
if self._request is not None:
self._request.routing_exception = e
def copy(self) -> RequestContext:
"""Creates a copy of this request context with the same request object.
This can be used to move a request context to a different greenlet.
Because the actual request object is the same this cannot be used to
move a request context to a different thread unless access to the
request object is locked.
self._cv_token: contextvars.Token[AppContext] | None = None
"""The previous state to restore when popping."""
.. versionadded:: 0.10
self._push_count: int = 0
"""Track nested pushes of this context. Cleanup will only run once the
original push has been popped.
"""
@classmethod
def from_environ(cls, app: Flask, environ: WSGIEnvironment, /) -> te.Self:
"""Create an app context with request data from the given WSGI environ.
:param app: The application this context represents.
:param environ: The request data this context represents.
"""
request = app.request_class(environ)
request.json_module = app.json
return cls(app, request=request)
@property
def has_request(self) -> bool:
"""True if this context was created with request data."""
return self._request is not None
def copy(self) -> te.Self:
"""Create a new context with the same data objects as this context. See
:func:`.copy_current_request_context`.
.. versionchanged:: 1.1
The current session object is used instead of reloading the original
data. This prevents `flask.session` pointing to an out-of-date object.
The current session data is used instead of reloading the original data.
.. versionadded:: 0.10
"""
return self.__class__(
self.app,
environ=self.request.environ,
request=self.request,
session=self.session,
request=self._request,
session=self._session,
)
@property
def request(self) -> Request:
"""The request object associated with this context. Accessed through
:data:`.request`. Only available in request contexts, otherwise raises
:exc:`RuntimeError`.
"""
if self._request is None:
raise RuntimeError("There is no request in this context.")
return self._request
def _get_session(self) -> SessionMixin:
"""Open the session if it is not already open for this request context."""
if self._request is None:
raise RuntimeError("There is no request in this context.")
if self._session is None:
si = self.app.session_interface
self._session = si.open_session(self.app, self.request)
if self._session is None:
self._session = si.make_null_session(self.app)
return self._session
@property
def session(self) -> SessionMixin:
"""The session object associated with this context. Accessed through
:data:`.session`. Only available in request contexts, otherwise raises
:exc:`RuntimeError`. Accessing this sets :attr:`.SessionMixin.accessed`.
"""
session = self._get_session()
session.accessed = True
return session
def match_request(self) -> None:
"""Can be overridden by a subclass to hook into the matching
of the request.
"""Apply routing to the current request, storing either the matched
endpoint and args, or a routing exception.
"""
try:
result = self.url_adapter.match(return_rule=True) # type: ignore
self.request.url_rule, self.request.view_args = result # type: ignore
result = self.url_adapter.match(return_rule=True) # type: ignore[union-attr]
except HTTPException as e:
self.request.routing_exception = e
self._request.routing_exception = e # type: ignore[union-attr]
else:
self._request.url_rule, self._request.view_args = result # type: ignore[union-attr]
def push(self) -> None:
# Before we push the request context we have to ensure that there
# is an application context.
app_ctx = _cv_app.get(None)
"""Push this context so that it is the active context. If this is a
request context, calls :meth:`match_request` to perform routing with
the context active.
if app_ctx is None or app_ctx.app is not self.app:
app_ctx = self.app.app_context()
app_ctx.push()
else:
app_ctx = None
Typically, this is not used directly. Instead, use a ``with`` block
to manage the context.
self._cv_tokens.append((_cv_request.set(self), app_ctx))
In some situations, such as streaming or testing, the context may be
pushed multiple times. It will only trigger matching and signals if it
is not currently pushed.
"""
self._push_count += 1
# Open the session at the moment that the request context is available.
# This allows a custom open_session method to use the request context.
# Only open a new session if this is the first time the request was
# pushed, otherwise stream_with_context loses the session.
if self.session is None:
session_interface = self.app.session_interface
self.session = session_interface.open_session(self.app, self.request)
if self._cv_token is not None:
return
if self.session is None:
self.session = session_interface.make_null_session(self.app)
self._cv_token = _cv_app.set(self)
appcontext_pushed.send(self.app, _async_wrapper=self.app.ensure_sync)
# Match the request URL after loading the session, so that the
# session is available in custom URL converters.
if self.url_adapter is not None:
self.match_request()
if self._request is not None:
# Open the session at the moment that the request context is available.
# This allows a custom open_session method to use the request context.
self._get_session()
def pop(self, exc: BaseException | None = _sentinel) -> None: # type: ignore
"""Pops the request context and unbinds it by doing that. This will
also trigger the execution of functions registered by the
:meth:`~flask.Flask.teardown_request` decorator.
# Match the request URL after loading the session, so that the
# session is available in custom URL converters.
if self.url_adapter is not None:
self.match_request()
def pop(self, exc: BaseException | None = None) -> None:
"""Pop this context so that it is no longer the active context. Then
call teardown functions and signals.
Typically, this is not used directly. Instead, use a ``with`` block
to manage the context.
This context must currently be the active context, otherwise a
:exc:`RuntimeError` is raised. In some situations, such as streaming or
testing, the context may have been pushed multiple times. It will only
trigger cleanup once it has been popped as many times as it was pushed.
Until then, it will remain the active context.
:param exc: An unhandled exception that was raised while the context was
active. Passed to teardown functions.
.. versionchanged:: 0.9
Added the `exc` argument.
Added the ``exc`` argument.
"""
clear_request = len(self._cv_tokens) == 1
if self._cv_token is None:
raise RuntimeError(f"Cannot pop this context ({self!r}), it is not pushed.")
try:
if clear_request:
if exc is _sentinel:
exc = sys.exc_info()[1]
self.app.do_teardown_request(exc)
ctx = _cv_app.get(None)
request_close = getattr(self.request, "close", None)
if request_close is not None:
request_close()
finally:
ctx = _cv_request.get()
token, app_ctx = self._cv_tokens.pop()
_cv_request.reset(token)
if ctx is None or self._cv_token is None:
raise RuntimeError(
f"Cannot pop this context ({self!r}), there is no active context."
)
# get rid of circular dependencies at the end of the request
# so that we don't require the GC to be active.
if clear_request:
ctx.request.environ["werkzeug.request"] = None
if ctx is not self:
raise RuntimeError(
f"Cannot pop this context ({self!r}), it is not the active"
f" context ({ctx!r})."
)
if app_ctx is not None:
app_ctx.pop(exc)
self._push_count -= 1
if ctx is not self:
raise AssertionError(
f"Popped wrong request context. ({ctx!r} instead of {self!r})"
)
if self._push_count > 0:
return
def __enter__(self) -> RequestContext:
collect_errors = _CollectErrors()
if self._request is not None:
with collect_errors:
self.app.do_teardown_request(self, exc)
with collect_errors:
self._request.close()
with collect_errors:
self.app.do_teardown_appcontext(self, exc)
_cv_app.reset(self._cv_token)
self._cv_token = None
with collect_errors:
appcontext_popped.send(self.app, _async_wrapper=self.app.ensure_sync)
collect_errors.raise_any("Errors during context teardown")
def __enter__(self) -> te.Self:
self.push()
return self
def __exit__(
self,
exc_type: type | None,
exc_type: type[BaseException] | None,
exc_value: BaseException | None,
tb: TracebackType | None,
) -> None:
self.pop(exc_value)
def __repr__(self) -> str:
return (
f"<{type(self).__name__} {self.request.url!r}"
f" [{self.request.method}] of {self.app.name}>"
if self._request is not None:
return (
f"<{type(self).__name__} {id(self)} of {self.app.name},"
f" {self.request.method} {self.request.url!r}>"
)
return f"<{type(self).__name__} {id(self)} of {self.app.name}>"
def __getattr__(name: str) -> t.Any:
import warnings
if name == "RequestContext":
warnings.warn(
"'RequestContext' has merged with 'AppContext', and will be removed"
" in Flask 4.0. Use 'AppContext' instead.",
DeprecationWarning,
stacklevel=2,
)
return AppContext
raise AttributeError(name)

7
src/flask/debughelpers.py
View file

@ -6,7 +6,7 @@ from jinja2.loaders import BaseLoader
from werkzeug.routing import RequestRedirect
from .blueprints import Blueprint
from .globals import request_ctx
from .globals import _cv_app
from .sansio.app import App
if t.TYPE_CHECKING:
@ -136,8 +136,9 @@ def explain_template_loading_attempts(
info = [f"Locating template {template!r}:"]
total_found = 0
blueprint = None
if request_ctx and request_ctx.request.blueprint is not None:
blueprint = request_ctx.request.blueprint
if (ctx := _cv_app.get(None)) is not None and ctx.has_request:
blueprint = ctx.request.blueprint
for idx, (loader, srcobj, triple) in enumerate(attempts):
if isinstance(srcobj, App):

62
src/flask/globals.py
View file

@ -9,43 +9,69 @@ if t.TYPE_CHECKING: # pragma: no cover
from .app import Flask
from .ctx import _AppCtxGlobals
from .ctx import AppContext
from .ctx import RequestContext
from .sessions import SessionMixin
from .wrappers import Request
T = t.TypeVar("T", covariant=True)
class ProxyMixin(t.Protocol[T]):
def _get_current_object(self) -> T: ...
# These subclasses inform type checkers that the proxy objects look like the
# proxied type along with the _get_current_object method.
class FlaskProxy(ProxyMixin[Flask], Flask): ...
class AppContextProxy(ProxyMixin[AppContext], AppContext): ...
class _AppCtxGlobalsProxy(ProxyMixin[_AppCtxGlobals], _AppCtxGlobals): ...
class RequestProxy(ProxyMixin[Request], Request): ...
class SessionMixinProxy(ProxyMixin[SessionMixin], SessionMixin): ...
_no_app_msg = """\
Working outside of application context.
This typically means that you attempted to use functionality that needed
the current application. To solve this, set up an application context
with app.app_context(). See the documentation for more information.\
Attempted to use functionality that expected a current application to be set. To
solve this, set up an app context using 'with app.app_context()'. See the
documentation on app context for more information.\
"""
_cv_app: ContextVar[AppContext] = ContextVar("flask.app_ctx")
app_ctx: AppContext = LocalProxy( # type: ignore[assignment]
app_ctx: AppContextProxy = LocalProxy( # type: ignore[assignment]
_cv_app, unbound_message=_no_app_msg
)
current_app: Flask = LocalProxy( # type: ignore[assignment]
current_app: FlaskProxy = LocalProxy( # type: ignore[assignment]
_cv_app, "app", unbound_message=_no_app_msg
)
g: _AppCtxGlobals = LocalProxy( # type: ignore[assignment]
g: _AppCtxGlobalsProxy = LocalProxy( # type: ignore[assignment]
_cv_app, "g", unbound_message=_no_app_msg
)
_no_req_msg = """\
Working outside of request context.
This typically means that you attempted to use functionality that needed
an active HTTP request. Consult the documentation on testing for
information about how to avoid this problem.\
Attempted to use functionality that expected an active HTTP request. See the
documentation on request context for more information.\
"""
_cv_request: ContextVar[RequestContext] = ContextVar("flask.request_ctx")
request_ctx: RequestContext = LocalProxy( # type: ignore[assignment]
_cv_request, unbound_message=_no_req_msg
request: RequestProxy = LocalProxy( # type: ignore[assignment]
_cv_app, "request", unbound_message=_no_req_msg
)
request: Request = LocalProxy( # type: ignore[assignment]
_cv_request, "request", unbound_message=_no_req_msg
)
session: SessionMixin = LocalProxy( # type: ignore[assignment]
_cv_request, "session", unbound_message=_no_req_msg
session: SessionMixinProxy = LocalProxy( # type: ignore[assignment]
_cv_app, "session", unbound_message=_no_req_msg
)
def __getattr__(name: str) -> t.Any:
import warnings
if name == "request_ctx":
warnings.warn(
"'request_ctx' has merged with 'app_ctx', and will be removed"
" in Flask 4.0. Use 'app_ctx' instead.",
DeprecationWarning,
stacklevel=2,
)
return app_ctx
raise AttributeError(name)

99
src/flask/helpers.py
View file

@ -7,6 +7,7 @@ import typing as t
from datetime import datetime
from functools import cache
from functools import update_wrapper
from types import TracebackType
import werkzeug.utils
from werkzeug.exceptions import abort as _wz_abort
@ -14,10 +15,9 @@ from werkzeug.utils import redirect as _wz_redirect
from werkzeug.wrappers import Response as BaseResponse
from .globals import _cv_app
from .globals import _cv_request
from .globals import app_ctx
from .globals import current_app
from .globals import request
from .globals import request_ctx
from .globals import session
from .signals import message_flashed
@ -64,10 +64,22 @@ def stream_with_context(
generator_or_function: t.Iterator[t.AnyStr] | t.Callable[..., t.Iterator[t.AnyStr]],
) -> t.Iterator[t.AnyStr] | t.Callable[[t.Iterator[t.AnyStr]], t.Iterator[t.AnyStr]]:
"""Wrap a response generator function so that it runs inside the current
request context. This keeps :data:`request`, :data:`session`, and :data:`g`
request context. This keeps :data:`.request`, :data:`.session`, and :data:`.g`
available, even though at the point the generator runs the request context
will typically have ended.
.. warning::
Due to the following caveat, it is often safer to pass the data you
need as arguments to the generator, rather than relying on the context
objects.
More headers cannot be sent after the body has begun. Therefore, you must
make sure all headers are set before starting the response. In particular,
if the generator will access ``session``, be sure to do so in the view as
well so that the ``Vary: cookie`` header will be set. Do not modify the
session in the generator, as the ``Set-Cookie`` header will already be sent.
Use it as a decorator on a generator function:
.. code-block:: python
@ -112,22 +124,15 @@ def stream_with_context(
return update_wrapper(decorator, generator_or_function) # type: ignore[arg-type]
def generator() -> t.Iterator[t.AnyStr]:
if (req_ctx := _cv_request.get(None)) is None:
if (ctx := _cv_app.get(None)) is None:
raise RuntimeError(
"'stream_with_context' can only be used when a request"
" context is active, such as in a view function."
)
app_ctx = _cv_app.get()
# Setup code below will run the generator to this point, so that the
# current contexts are recorded. The contexts must be pushed after,
# otherwise their ContextVar will record the wrong event loop during
# async view functions.
yield None # type: ignore[misc]
with ctx:
yield None # type: ignore[misc]
# Push the app context first, so that the request context does not
# automatically create and push a different app context.
with app_ctx, req_ctx:
try:
yield from gen
finally:
@ -135,9 +140,9 @@ def stream_with_context(
if hasattr(gen, "close"):
gen.close()
# Execute the generator to the sentinel value. This ensures the context is
# preserved in the generator's state. Further iteration will push the
# context and yield from the original iterator.
# Execute the generator to the sentinel value. This captures the current
# context and pushes it to preserve it. Further iteration will yield from
# the original iterator.
wrapped_g = generator()
next(wrapped_g)
return wrapped_g
@ -247,7 +252,7 @@ def url_for(
def redirect(
location: str, code: int = 302, Response: type[BaseResponse] | None = None
location: str, code: int = 303, Response: type[BaseResponse] | None = None
) -> BaseResponse:
"""Create a redirect response object.
@ -260,12 +265,15 @@ def redirect(
:param Response: The response class to use. Not used when
``current_app`` is active, which uses ``app.response_class``.
.. versionchanged:: 3.2
``code`` defaults to ``303`` instead of ``302``.
.. versionadded:: 2.2
Calls ``current_app.redirect`` if available instead of always
using Werkzeug's default ``redirect``.
"""
if current_app:
return current_app.redirect(location, code=code)
if (ctx := _cv_app.get(None)) is not None:
return ctx.app.redirect(location, code=code)
return _wz_redirect(location, code=code, Response=Response)
@ -287,8 +295,8 @@ def abort(code: int | BaseResponse, *args: t.Any, **kwargs: t.Any) -> t.NoReturn
Calls ``current_app.aborter`` if available instead of always
using Werkzeug's default ``abort``.
"""
if current_app:
current_app.aborter(code, *args, **kwargs)
if (ctx := _cv_app.get(None)) is not None:
ctx.app.aborter(code, *args, **kwargs)
_wz_abort(code, *args, **kwargs)
@ -340,7 +348,7 @@ def flash(message: str, category: str = "message") -> None:
flashes = session.get("_flashes", [])
flashes.append((category, message))
session["_flashes"] = flashes
app = current_app._get_current_object() # type: ignore
app = current_app._get_current_object()
message_flashed.send(
app,
_async_wrapper=app.ensure_sync,
@ -380,10 +388,10 @@ def get_flashed_messages(
:param category_filter: filter of categories to limit return values. Only
categories in the list will be returned.
"""
flashes = request_ctx.flashes
flashes = app_ctx._flashes
if flashes is None:
flashes = session.pop("_flashes") if "_flashes" in session else []
request_ctx.flashes = flashes
app_ctx._flashes = flashes
if category_filter:
flashes = list(filter(lambda f: f[0] in category_filter, flashes))
if not with_categories:
@ -392,14 +400,16 @@ def get_flashed_messages(
def _prepare_send_file_kwargs(**kwargs: t.Any) -> dict[str, t.Any]:
ctx = app_ctx._get_current_object()
if kwargs.get("max_age") is None:
kwargs["max_age"] = current_app.get_send_file_max_age
kwargs["max_age"] = ctx.app.get_send_file_max_age
kwargs.update(
environ=request.environ,
use_x_sendfile=current_app.config["USE_X_SENDFILE"],
response_class=current_app.response_class,
_root_path=current_app.root_path,
environ=ctx.request.environ,
use_x_sendfile=ctx.app.config["USE_X_SENDFILE"],
response_class=ctx.app.response_class,
_root_path=ctx.app.root_path,
)
return kwargs
@ -639,3 +649,34 @@ def _split_blueprint_path(name: str) -> list[str]:
out.extend(_split_blueprint_path(name.rpartition(".")[0]))
return out
class _CollectErrors:
"""A context manager that records and silences an error raised within it.
Used to run all teardown functions, then raise any errors afterward.
"""
def __init__(self) -> None:
self.errors: list[BaseException] = []
def __enter__(self) -> None:
pass
def __exit__(
self,
exc_type: type[BaseException] | None,
exc_val: BaseException | None,
exc_tb: TracebackType | None,
) -> bool:
if exc_val is not None:
self.errors.append(exc_val)
return True
def raise_any(self, message: str) -> None:
"""Raise if any errors were collected."""
if self.errors:
if sys.version_info >= (3, 11):
raise BaseExceptionGroup(message, self.errors) # noqa: F821
else:
raise self.errors[0]

2
src/flask/json/__init__.py
View file

@ -141,7 +141,7 @@ def jsonify(*args: t.Any, **kwargs: t.Any) -> Response:
mimetype. A dict or list returned from a view will be converted to a
JSON response automatically without needing to call this.
This requires an active request or application context, and calls
This requires an active app context, and calls
:meth:`app.json.response() <flask.json.provider.JSONProvider.response>`.
In debug mode, the output is formatted with indentation to make it

2
src/flask/json/provider.py
View file

@ -135,7 +135,7 @@ class DefaultJSONProvider(JSONProvider):
method) will call the ``__html__`` method to get a string.
"""
default: t.Callable[[t.Any], t.Any] = staticmethod(_default) # type: ignore[assignment]
default: t.Callable[[t.Any], t.Any] = staticmethod(_default)
"""Apply this function to any object that :meth:`json.dumps` does
not know how to serialize. It should return a valid JSON type or
raise a ``TypeError``.

207
src/flask/sansio/app.py
View file

@ -177,11 +177,8 @@ class App(Scaffold):
#: 3. Return None instead of AttributeError on unexpected attributes.
#: 4. Raise exception if an unexpected attr is set, a "controlled" flask.g.
#:
#: In Flask 0.9 this property was called `request_globals_class` but it
#: was changed in 0.10 to :attr:`app_ctx_globals_class` because the
#: flask.g object is now application context scoped.
#:
#: .. versionadded:: 0.10
#: Renamed from ``request_globals_class`.
app_ctx_globals_class = _AppCtxGlobals
#: The class that is used for the ``config`` attribute of this app.
@ -213,7 +210,7 @@ class App(Scaffold):
#:
#: This attribute can also be configured from the config with the
#: :data:`SECRET_KEY` configuration key. Defaults to ``None``.
secret_key = ConfigAttribute[t.Union[str, bytes, None]]("SECRET_KEY")
secret_key = ConfigAttribute[str | bytes | None]("SECRET_KEY")
#: A :class:`~datetime.timedelta` which is used to set the expiration
#: date of a permanent session. The default is 31 days which makes a
@ -533,10 +530,13 @@ class App(Scaffold):
"""
return DispatchingJinjaLoader(self)
def select_jinja_autoescape(self, filename: str) -> bool:
def select_jinja_autoescape(self, filename: str | None) -> bool:
"""Returns ``True`` if autoescaping should be active for the given
template name. If no template name is given, returns `True`.
.. versionchanged:: 3.2
Use case-insensitive comparison instead of only lower case.
.. versionchanged:: 2.2
Autoescaping is now enabled by default for ``.svg`` files.
@ -544,7 +544,7 @@ class App(Scaffold):
"""
if filename is None:
return True
return filename.endswith((".html", ".htm", ".xml", ".xhtml", ".svg"))
return filename.lower().endswith((".html", ".htm", ".xml", ".xhtml", ".svg"))
@property
def debug(self) -> bool:
@ -630,19 +630,19 @@ class App(Scaffold):
# Methods that should always be added
required_methods: set[str] = set(getattr(view_func, "required_methods", ()))
# starting with Flask 0.8 the view_func object can disable and
# force-enable the automatic options handling.
if provide_automatic_options is None:
provide_automatic_options = getattr(
view_func, "provide_automatic_options", None
)
if provide_automatic_options is None:
if "OPTIONS" not in methods and self.config["PROVIDE_AUTOMATIC_OPTIONS"]:
provide_automatic_options = True
required_methods.add("OPTIONS")
else:
provide_automatic_options = False
if provide_automatic_options is None:
provide_automatic_options = (
"OPTIONS" not in methods
and self.config["PROVIDE_AUTOMATIC_OPTIONS"]
)
if provide_automatic_options:
required_methods.add("OPTIONS")
# Add the required methods now.
methods |= required_methods
@ -660,21 +660,34 @@ class App(Scaffold):
)
self.view_functions[endpoint] = view_func
@setupmethod
@t.overload
def template_filter(self, name: T_template_filter) -> T_template_filter: ...
@t.overload
def template_filter(
self, name: str | None = None
) -> t.Callable[[T_template_filter], T_template_filter]:
"""A decorator that is used to register custom template filter.
You can specify a name for the filter, otherwise the function
name will be used. Example::
) -> t.Callable[[T_template_filter], T_template_filter]: ...
@setupmethod
def template_filter(
self, name: T_template_filter | str | None = None
) -> T_template_filter | t.Callable[[T_template_filter], T_template_filter]:
"""Decorate a function to register it as a custom Jinja filter. The name
is optional. The decorator may be used without parentheses.
@app.template_filter()
def reverse(s):
return s[::-1]
.. code-block:: python
:param name: the optional name of the filter, otherwise the
function name will be used.
@app.template_filter("reverse")
def reverse_filter(s):
return reversed(s)
The :meth:`add_template_filter` method may be used to register a
function later rather than decorating.
:param name: The name to register the filter as. If not given, uses the
function's name.
"""
if callable(name):
self.add_template_filter(name)
return name
def decorator(f: T_template_filter) -> T_template_filter:
self.add_template_filter(f, name=name)
@ -686,36 +699,52 @@ class App(Scaffold):
def add_template_filter(
self, f: ft.TemplateFilterCallable, name: str | None = None
) -> None:
"""Register a custom template filter. Works exactly like the
:meth:`template_filter` decorator.
"""Register a function to use as a custom Jinja filter.
:param name: the optional name of the filter, otherwise the
function name will be used.
The :meth:`template_filter` decorator can be used to register a function
by decorating instead.
:param f: The function to register.
:param name: The name to register the filter as. If not given, uses the
function's name.
"""
self.jinja_env.filters[name or f.__name__] = f
@setupmethod
@t.overload
def template_test(self, name: T_template_test) -> T_template_test: ...
@t.overload
def template_test(
self, name: str | None = None
) -> t.Callable[[T_template_test], T_template_test]:
"""A decorator that is used to register custom template test.
You can specify a name for the test, otherwise the function
name will be used. Example::
) -> t.Callable[[T_template_test], T_template_test]: ...
@setupmethod
def template_test(
self, name: T_template_test | str | None = None
) -> T_template_test | t.Callable[[T_template_test], T_template_test]:
"""Decorate a function to register it as a custom Jinja test. The name
is optional. The decorator may be used without parentheses.
@app.template_test()
def is_prime(n):
if n == 2:
return True
for i in range(2, int(math.ceil(math.sqrt(n))) + 1):
if n % i == 0:
return False
.. code-block:: python
@app.template_test("prime")
def is_prime_test(n):
if n == 2:
return True
for i in range(2, int(math.ceil(math.sqrt(n))) + 1):
if n % i == 0:
return False
return True
.. versionadded:: 0.10
The :meth:`add_template_test` method may be used to register a function
later rather than decorating.
:param name: the optional name of the test, otherwise the
function name will be used.
:param name: The name to register the filter as. If not given, uses the
function's name.
.. versionadded:: 0.10
"""
if callable(name):
self.add_template_test(name)
return name
def decorator(f: T_template_test) -> T_template_test:
self.add_template_test(f, name=name)
@ -727,33 +756,49 @@ class App(Scaffold):
def add_template_test(
self, f: ft.TemplateTestCallable, name: str | None = None
) -> None:
"""Register a custom template test. Works exactly like the
:meth:`template_test` decorator.
"""Register a function to use as a custom Jinja test.
The :meth:`template_test` decorator can be used to register a function
by decorating instead.
:param f: The function to register.
:param name: The name to register the test as. If not given, uses the
function's name.
.. versionadded:: 0.10
:param name: the optional name of the test, otherwise the
function name will be used.
"""
self.jinja_env.tests[name or f.__name__] = f
@setupmethod
@t.overload
def template_global(self, name: T_template_global) -> T_template_global: ...
@t.overload
def template_global(
self, name: str | None = None
) -> t.Callable[[T_template_global], T_template_global]:
"""A decorator that is used to register a custom template global function.
You can specify a name for the global function, otherwise the function
name will be used. Example::
) -> t.Callable[[T_template_global], T_template_global]: ...
@setupmethod
def template_global(
self, name: T_template_global | str | None = None
) -> T_template_global | t.Callable[[T_template_global], T_template_global]:
"""Decorate a function to register it as a custom Jinja global. The name
is optional. The decorator may be used without parentheses.
@app.template_global()
.. code-block:: python
@app.template_global
def double(n):
return 2 * n
.. versionadded:: 0.10
The :meth:`add_template_global` method may be used to register a
function later rather than decorating.
:param name: the optional name of the global function, otherwise the
function name will be used.
:param name: The name to register the global as. If not given, uses the
function's name.
.. versionadded:: 0.10
"""
if callable(name):
self.add_template_global(name)
return name
def decorator(f: T_template_global) -> T_template_global:
self.add_template_global(f, name=name)
@ -765,22 +810,24 @@ class App(Scaffold):
def add_template_global(
self, f: ft.TemplateGlobalCallable, name: str | None = None
) -> None:
"""Register a custom template global function. Works exactly like the
:meth:`template_global` decorator.
"""Register a function to use as a custom Jinja global.
The :meth:`template_global` decorator can be used to register a function
by decorating instead.
:param f: The function to register.
:param name: The name to register the global as. If not given, uses the
function's name.
.. versionadded:: 0.10
:param name: the optional name of the global function, otherwise the
function name will be used.
"""
self.jinja_env.globals[name or f.__name__] = f
@setupmethod
def teardown_appcontext(self, f: T_teardown) -> T_teardown:
"""Registers a function to be called when the application
context is popped. The application context is typically popped
after the request context for each request, at the end of CLI
commands, or after a manually pushed context ends.
"""Registers a function to be called when the app context is popped. The
context is popped at the end of a request, CLI command, or manual ``with``
block.
.. code-block:: python
@ -789,9 +836,7 @@ class App(Scaffold):
When the ``with`` block exits (or ``ctx.pop()`` is called), the
teardown functions are called just before the app context is
made inactive. Since a request context typically also manages an
application context it would also be called when you pop a
request context.
made inactive.
When a teardown function was called because of an unhandled
exception it will be passed an error object. If an
@ -880,17 +925,18 @@ class App(Scaffold):
return False
def should_ignore_error(self, error: BaseException | None) -> bool:
"""This is called to figure out if an error should be ignored
or not as far as the teardown system is concerned. If this
function returns ``True`` then the teardown handlers will not be
passed the error.
should_ignore_error: None = None
"""If this method returns ``True``, the error will not be passed to
teardown handlers, and the context will not be preserved for
debugging.
.. versionadded:: 0.10
"""
return False
.. deprecated:: 3.2
Handle errors as needed in teardown handlers instead.
def redirect(self, location: str, code: int = 302) -> BaseResponse:
.. versionadded:: 0.10
"""
def redirect(self, location: str, code: int = 303) -> BaseResponse:
"""Create a redirect response object.
This is called by :func:`flask.redirect`, and can be called
@ -899,6 +945,9 @@ class App(Scaffold):
:param location: The URL to redirect to.
:param code: The status code for the redirect.
.. versionchanged:: 3.2
``code`` defaults to ``303`` instead of ``302``.
.. versionadded:: 2.2
Moved from ``flask.redirect``, which calls this method.
"""

152
src/flask/sansio/blueprints.py
View file

@ -440,16 +440,31 @@ class Blueprint(Scaffold):
)
)
@setupmethod
@t.overload
def app_template_filter(self, name: T_template_filter) -> T_template_filter: ...
@t.overload
def app_template_filter(
self, name: str | None = None
) -> t.Callable[[T_template_filter], T_template_filter]:
"""Register a template filter, available in any template rendered by the
application. Equivalent to :meth:`.Flask.template_filter`.
) -> t.Callable[[T_template_filter], T_template_filter]: ...
@setupmethod
def app_template_filter(
self, name: T_template_filter | str | None = None
) -> T_template_filter | t.Callable[[T_template_filter], T_template_filter]:
"""Decorate a function to register it as a custom Jinja filter. The name
is optional. The decorator may be used without parentheses.
:param name: the optional name of the filter, otherwise the
function name will be used.
The :meth:`add_app_template_filter` method may be used to register a
function later rather than decorating.
The filter is available in all templates, not only those under this
blueprint. Equivalent to :meth:`.Flask.template_filter`.
:param name: The name to register the filter as. If not given, uses the
function's name.
"""
if callable(name):
self.add_app_template_filter(name)
return name
def decorator(f: T_template_filter) -> T_template_filter:
self.add_app_template_filter(f, name=name)
@ -461,31 +476,51 @@ class Blueprint(Scaffold):
def add_app_template_filter(
self, f: ft.TemplateFilterCallable, name: str | None = None
) -> None:
"""Register a template filter, available in any template rendered by the
application. Works like the :meth:`app_template_filter` decorator. Equivalent to
:meth:`.Flask.add_template_filter`.
"""Register a function to use as a custom Jinja filter.
:param name: the optional name of the filter, otherwise the
function name will be used.
The :meth:`app_template_filter` decorator can be used to register a
function by decorating instead.
The filter is available in all templates, not only those under this
blueprint. Equivalent to :meth:`.Flask.add_template_filter`.
:param f: The function to register.
:param name: The name to register the filter as. If not given, uses the
function's name.
"""
def register_template(state: BlueprintSetupState) -> None:
state.app.jinja_env.filters[name or f.__name__] = f
def register_template_filter(state: BlueprintSetupState) -> None:
state.app.add_template_filter(f, name=name)
self.record_once(register_template)
self.record_once(register_template_filter)
@setupmethod
@t.overload
def app_template_test(self, name: T_template_test) -> T_template_test: ...
@t.overload
def app_template_test(
self, name: str | None = None
) -> t.Callable[[T_template_test], T_template_test]:
"""Register a template test, available in any template rendered by the
application. Equivalent to :meth:`.Flask.template_test`.
) -> t.Callable[[T_template_test], T_template_test]: ...
@setupmethod
def app_template_test(
self, name: T_template_test | str | None = None
) -> T_template_test | t.Callable[[T_template_test], T_template_test]:
"""Decorate a function to register it as a custom Jinja test. The name
is optional. The decorator may be used without parentheses.
The :meth:`add_app_template_test` method may be used to register a
function later rather than decorating.
The test is available in all templates, not only those under this
blueprint. Equivalent to :meth:`.Flask.template_test`.
:param name: The name to register the filter as. If not given, uses the
function's name.
.. versionadded:: 0.10
:param name: the optional name of the test, otherwise the
function name will be used.
"""
if callable(name):
self.add_app_template_test(name)
return name
def decorator(f: T_template_test) -> T_template_test:
self.add_app_template_test(f, name=name)
@ -497,33 +532,53 @@ class Blueprint(Scaffold):
def add_app_template_test(
self, f: ft.TemplateTestCallable, name: str | None = None
) -> None:
"""Register a template test, available in any template rendered by the
application. Works like the :meth:`app_template_test` decorator. Equivalent to
:meth:`.Flask.add_template_test`.
"""Register a function to use as a custom Jinja test.
The :meth:`app_template_test` decorator can be used to register a
function by decorating instead.
The test is available in all templates, not only those under this
blueprint. Equivalent to :meth:`.Flask.add_template_test`.
:param f: The function to register.
:param name: The name to register the test as. If not given, uses the
function's name.
.. versionadded:: 0.10
:param name: the optional name of the test, otherwise the
function name will be used.
"""
def register_template(state: BlueprintSetupState) -> None:
state.app.jinja_env.tests[name or f.__name__] = f
def register_template_test(state: BlueprintSetupState) -> None:
state.app.add_template_test(f, name=name)
self.record_once(register_template)
self.record_once(register_template_test)
@setupmethod
@t.overload
def app_template_global(self, name: T_template_global) -> T_template_global: ...
@t.overload
def app_template_global(
self, name: str | None = None
) -> t.Callable[[T_template_global], T_template_global]:
"""Register a template global, available in any template rendered by the
application. Equivalent to :meth:`.Flask.template_global`.
) -> t.Callable[[T_template_global], T_template_global]: ...
@setupmethod
def app_template_global(
self, name: T_template_global | str | None = None
) -> T_template_global | t.Callable[[T_template_global], T_template_global]:
"""Decorate a function to register it as a custom Jinja global. The name
is optional. The decorator may be used without parentheses.
The :meth:`add_app_template_global` method may be used to register a
function later rather than decorating.
The global is available in all templates, not only those under this
blueprint. Equivalent to :meth:`.Flask.template_global`.
:param name: The name to register the global as. If not given, uses the
function's name.
.. versionadded:: 0.10
:param name: the optional name of the global, otherwise the
function name will be used.
"""
if callable(name):
self.add_app_template_global(name)
return name
def decorator(f: T_template_global) -> T_template_global:
self.add_app_template_global(f, name=name)
@ -535,20 +590,25 @@ class Blueprint(Scaffold):
def add_app_template_global(
self, f: ft.TemplateGlobalCallable, name: str | None = None
) -> None:
"""Register a template global, available in any template rendered by the
application. Works like the :meth:`app_template_global` decorator. Equivalent to
:meth:`.Flask.add_template_global`.
"""Register a function to use as a custom Jinja global.
The :meth:`app_template_global` decorator can be used to register a function
by decorating instead.
The global is available in all templates, not only those under this
blueprint. Equivalent to :meth:`.Flask.add_template_global`.
:param f: The function to register.
:param name: The name to register the global as. If not given, uses the
function's name.
.. versionadded:: 0.10
:param name: the optional name of the global, otherwise the
function name will be used.
"""
def register_template(state: BlueprintSetupState) -> None:
state.app.jinja_env.globals[name or f.__name__] = f
def register_template_global(state: BlueprintSetupState) -> None:
state.app.add_template_global(f, name=name)
self.record_once(register_template)
self.record_once(register_template_global)
@setupmethod
def before_app_request(self, f: T_before_request) -> T_before_request:

4
src/flask/sansio/scaffold.py
View file

@ -507,8 +507,8 @@ class Scaffold:
@setupmethod
def teardown_request(self, f: T_teardown) -> T_teardown:
"""Register a function to be called when the request context is
popped. Typically this happens at the end of each request, but
contexts may be pushed manually as well during testing.
popped. Typically, this happens at the end of each request, but
contexts may be pushed manually during testing.
.. code-block:: python

38
src/flask/sessions.py
View file

@ -27,7 +27,7 @@ class SessionMixin(MutableMapping[str, t.Any]):
@property
def permanent(self) -> bool:
"""This reflects the ``'_permanent'`` key in the dict."""
return self.get("_permanent", False)
return self.get("_permanent", False) # type: ignore[no-any-return]
@permanent.setter
def permanent(self, value: bool) -> None:
@ -43,10 +43,15 @@ class SessionMixin(MutableMapping[str, t.Any]):
#: ``True``.
modified = True
#: Some implementations can detect when session data is read or
#: written and set this when that happens. The mixin default is hard
#: coded to ``True``.
accessed = True
accessed = False
"""Indicates if the session was accessed, even if it was not modified. This
is set when the session object is accessed through the request context,
including the global :data:`.session` proxy. A ``Vary: cookie`` header will
be added if this is ``True``.
.. versionchanged:: 3.1.3
This is tracked by the request context.
"""
class SecureCookieSession(CallbackDict[str, t.Any], SessionMixin):
@ -65,34 +70,15 @@ class SecureCookieSession(CallbackDict[str, t.Any], SessionMixin):
#: will only be written to the response if this is ``True``.
modified = False
#: When data is read or written, this is set to ``True``. Used by
# :class:`.SecureCookieSessionInterface` to add a ``Vary: Cookie``
#: header, which allows caching proxies to cache different pages for
#: different users.
accessed = False
def __init__(
self,
initial: c.Mapping[str, t.Any] | c.Iterable[tuple[str, t.Any]] | None = None,
initial: c.Mapping[str, t.Any] | None = None,
) -> None:
def on_update(self: te.Self) -> None:
self.modified = True
self.accessed = True
super().__init__(initial, on_update)
def __getitem__(self, key: str) -> t.Any:
self.accessed = True
return super().__getitem__(key)
def get(self, key: str, default: t.Any = None) -> t.Any:
self.accessed = True
return super().get(key, default)
def setdefault(self, key: str, default: t.Any = None) -> t.Any:
self.accessed = True
return super().setdefault(key, default)
class NullSession(SecureCookieSession):
"""Class used to generate nicer error messages if sessions are not
@ -107,7 +93,7 @@ class NullSession(SecureCookieSession):
"application to something unique and secret."
)
__setitem__ = __delitem__ = clear = pop = popitem = update = setdefault = _fail # noqa: B950
__setitem__ = __delitem__ = clear = pop = popitem = update = setdefault = _fail
del _fail

69
src/flask/templating.py
View file

@ -7,32 +7,29 @@ from jinja2 import Environment as BaseEnvironment
from jinja2 import Template
from jinja2 import TemplateNotFound
from .globals import _cv_app
from .globals import _cv_request
from .globals import current_app
from .globals import request
from .ctx import AppContext
from .globals import app_ctx
from .helpers import stream_with_context
from .signals import before_render_template
from .signals import template_rendered
if t.TYPE_CHECKING: # pragma: no cover
from .app import Flask
from .sansio.app import App
from .sansio.scaffold import Scaffold
def _default_template_ctx_processor() -> dict[str, t.Any]:
"""Default template context processor. Injects `request`,
`session` and `g`.
"""Default template context processor. Replaces the ``request`` and ``g``
proxies with their concrete objects for faster access.
"""
appctx = _cv_app.get(None)
reqctx = _cv_request.get(None)
rv: dict[str, t.Any] = {}
if appctx is not None:
rv["g"] = appctx.g
if reqctx is not None:
rv["request"] = reqctx.request
rv["session"] = reqctx.session
ctx = app_ctx._get_current_object()
rv: dict[str, t.Any] = {"g": ctx.g}
if ctx.has_request:
rv["request"] = ctx.request
# The session proxy cannot be replaced, accessing it gets
# RequestContext.session, which sets session.accessed.
return rv
@ -123,8 +120,9 @@ class DispatchingJinjaLoader(BaseLoader):
return list(result)
def _render(app: Flask, template: Template, context: dict[str, t.Any]) -> str:
app.update_template_context(context)
def _render(ctx: AppContext, template: Template, context: dict[str, t.Any]) -> str:
app = ctx.app
app.update_template_context(ctx, context)
before_render_template.send(
app, _async_wrapper=app.ensure_sync, template=template, context=context
)
@ -145,9 +143,9 @@ def render_template(
a list is given, the first name to exist will be rendered.
:param context: The variables to make available in the template.
"""
app = current_app._get_current_object() # type: ignore[attr-defined]
template = app.jinja_env.get_or_select_template(template_name_or_list)
return _render(app, template, context)
ctx = app_ctx._get_current_object()
template = ctx.app.jinja_env.get_or_select_template(template_name_or_list)
return _render(ctx, template, context)
def render_template_string(source: str, **context: t.Any) -> str:
@ -157,15 +155,16 @@ def render_template_string(source: str, **context: t.Any) -> str:
:param source: The source code of the template to render.
:param context: The variables to make available in the template.
"""
app = current_app._get_current_object() # type: ignore[attr-defined]
template = app.jinja_env.from_string(source)
return _render(app, template, context)
ctx = app_ctx._get_current_object()
template = ctx.app.jinja_env.from_string(source)
return _render(ctx, template, context)
def _stream(
app: Flask, template: Template, context: dict[str, t.Any]
ctx: AppContext, template: Template, context: dict[str, t.Any]
) -> t.Iterator[str]:
app.update_template_context(context)
app = ctx.app
app.update_template_context(ctx, context)
before_render_template.send(
app, _async_wrapper=app.ensure_sync, template=template, context=context
)
@ -176,13 +175,7 @@ def _stream(
app, _async_wrapper=app.ensure_sync, template=template, context=context
)
rv = generate()
# If a request context is active, keep it while generating.
if request:
rv = stream_with_context(rv)
return rv
return stream_with_context(generate())
def stream_template(
@ -199,9 +192,9 @@ def stream_template(
.. versionadded:: 2.2
"""
app = current_app._get_current_object() # type: ignore[attr-defined]
template = app.jinja_env.get_or_select_template(template_name_or_list)
return _stream(app, template, context)
ctx = app_ctx._get_current_object()
template = ctx.app.jinja_env.get_or_select_template(template_name_or_list)
return _stream(ctx, template, context)
def stream_template_string(source: str, **context: t.Any) -> t.Iterator[str]:
@ -214,6 +207,6 @@ def stream_template_string(source: str, **context: t.Any) -> t.Iterator[str]:
.. versionadded:: 2.2
"""
app = current_app._get_current_object() # type: ignore[attr-defined]
template = app.jinja_env.from_string(source)
return _stream(app, template, context)
ctx = app_ctx._get_current_object()
template = ctx.app.jinja_env.from_string(source)
return _stream(ctx, template, context)

8
src/flask/testing.py
View file

@ -107,10 +107,10 @@ def _get_werkzeug_version() -> str:
class FlaskClient(Client):
"""Works like a regular Werkzeug test client but has knowledge about
Flask's contexts to defer the cleanup of the request context until
the end of a ``with`` block. For general information about how to
use this class refer to :class:`werkzeug.test.Client`.
"""Works like a regular Werkzeug test client, with additional behavior for
Flask. Can defer the cleanup of the request context until the end of a
``with`` block. For general information about how to use this class refer to
:class:`werkzeug.test.Client`.
.. versionchanged:: 0.12
`app.test_client()` includes preset default environment, which can be

60
src/flask/typing.py
View file

@ -23,8 +23,7 @@ ResponseValue = t.Union[
]
# the possible types for an individual HTTP header
# This should be a Union, but mypy doesn't pass unless it's a TypeVar.
HeaderValue = t.Union[str, list[str], tuple[str, ...]]
HeaderValue = str | list[str] | tuple[str, ...]
# the possible types for HTTP headers
HeadersValue = t.Union[
@ -47,34 +46,29 @@ ResponseReturnValue = t.Union[
# callback annotated with flask.Response fail type checking.
ResponseClass = t.TypeVar("ResponseClass", bound="Response")
AppOrBlueprintKey = t.Optional[str] # The App key is None, whereas blueprints are named
AfterRequestCallable = t.Union[
t.Callable[[ResponseClass], ResponseClass],
t.Callable[[ResponseClass], t.Awaitable[ResponseClass]],
]
BeforeFirstRequestCallable = t.Union[
t.Callable[[], None], t.Callable[[], t.Awaitable[None]]
]
BeforeRequestCallable = t.Union[
t.Callable[[], t.Optional[ResponseReturnValue]],
t.Callable[[], t.Awaitable[t.Optional[ResponseReturnValue]]],
]
AppOrBlueprintKey = str | None # The App key is None, whereas blueprints are named
AfterRequestCallable = (
t.Callable[[ResponseClass], ResponseClass]
| t.Callable[[ResponseClass], t.Awaitable[ResponseClass]]
)
BeforeFirstRequestCallable = t.Callable[[], None] | t.Callable[[], t.Awaitable[None]]
BeforeRequestCallable = (
t.Callable[[], ResponseReturnValue | None]
| t.Callable[[], t.Awaitable[ResponseReturnValue | None]]
)
ShellContextProcessorCallable = t.Callable[[], dict[str, t.Any]]
TeardownCallable = t.Union[
t.Callable[[t.Optional[BaseException]], None],
t.Callable[[t.Optional[BaseException]], t.Awaitable[None]],
]
TemplateContextProcessorCallable = t.Union[
t.Callable[[], dict[str, t.Any]],
t.Callable[[], t.Awaitable[dict[str, t.Any]]],
]
TeardownCallable = (
t.Callable[[BaseException | None], None]
| t.Callable[[BaseException | None], t.Awaitable[None]]
)
TemplateContextProcessorCallable = (
t.Callable[[], dict[str, t.Any]] | t.Callable[[], t.Awaitable[dict[str, t.Any]]]
)
TemplateFilterCallable = t.Callable[..., t.Any]
TemplateGlobalCallable = t.Callable[..., t.Any]
TemplateTestCallable = t.Callable[..., bool]
URLDefaultCallable = t.Callable[[str, dict[str, t.Any]], None]
URLValuePreprocessorCallable = t.Callable[
[t.Optional[str], t.Optional[dict[str, t.Any]]], None
]
URLValuePreprocessorCallable = t.Callable[[str | None, dict[str, t.Any] | None], None]
# This should take Exception, but that either breaks typing the argument
# with a specific exception, or decorating multiple times with different
@ -82,12 +76,12 @@ URLValuePreprocessorCallable = t.Callable[
# https://github.com/pallets/flask/issues/4095
# https://github.com/pallets/flask/issues/4295
# https://github.com/pallets/flask/issues/4297
ErrorHandlerCallable = t.Union[
t.Callable[[t.Any], ResponseReturnValue],
t.Callable[[t.Any], t.Awaitable[ResponseReturnValue]],
]
ErrorHandlerCallable = (
t.Callable[[t.Any], ResponseReturnValue]
| t.Callable[[t.Any], t.Awaitable[ResponseReturnValue]]
)
RouteCallable = t.Union[
t.Callable[..., ResponseReturnValue],
t.Callable[..., t.Awaitable[ResponseReturnValue]],
]
RouteCallable = (
t.Callable[..., ResponseReturnValue]
| t.Callable[..., t.Awaitable[ResponseReturnValue]]
)

17
tests/conftest.py
View file

@ -5,7 +5,7 @@ import pytest
from _pytest import monkeypatch
from flask import Flask
from flask.globals import request_ctx
from flask.globals import app_ctx as _app_ctx
@pytest.fixture(scope="session", autouse=True)
@ -83,16 +83,17 @@ def test_apps(monkeypatch):
@pytest.fixture(autouse=True)
def leak_detector():
"""Fails if any app contexts are still pushed when a test ends. Pops all
contexts so subsequent tests are not affected.
"""
yield
# make sure we're not leaking a request context since we are
# testing flask internally in debug mode in a few cases
leaks = []
while request_ctx:
leaks.append(request_ctx._get_current_object())
request_ctx.pop()
assert leaks == []
while _app_ctx:
leaks.append(_app_ctx._get_current_object())
_app_ctx.pop()
assert not leaks
@pytest.fixture

66
tests/test_appctx.py
View file

@ -1,8 +1,10 @@
import sys
import pytest
import flask
from flask.globals import app_ctx
from flask.globals import request_ctx
from flask.testing import FlaskClient
def test_basic_url_generation(app):
@ -107,7 +109,8 @@ def test_app_tearing_down_with_handled_exception_by_app_handler(app, client):
with app.app_context():
client.get("/")
assert cleanup_stuff == [None]
# teardown request context, and with block context
assert cleanup_stuff == [None, None]
def test_app_tearing_down_with_unhandled_exception(app, client):
@ -126,9 +129,11 @@ def test_app_tearing_down_with_unhandled_exception(app, client):
with app.app_context():
client.get("/")
assert len(cleanup_stuff) == 1
assert len(cleanup_stuff) == 2
assert isinstance(cleanup_stuff[0], ValueError)
assert str(cleanup_stuff[0]) == "dummy"
# exception propagated, seen by request context and with block context
assert cleanup_stuff[0] is cleanup_stuff[1]
def test_app_ctx_globals_methods(app, app_ctx):
@ -178,8 +183,7 @@ def test_context_refcounts(app, client):
@app.route("/")
def index():
with app_ctx:
with request_ctx:
pass
pass
assert flask.request.environ["werkzeug.request"] is not None
return ""
@ -207,3 +211,55 @@ def test_clean_pop(app):
assert called == ["flask_test", "TEARDOWN"]
assert not flask.current_app
def test_robust_teardown(app: flask.Flask, client: FlaskClient) -> None:
count = 0
@app.teardown_request
def request_teardown(e: Exception | None) -> None:
nonlocal count
count += 1
raise ValueError("request_teardown")
@app.teardown_appcontext
def app_teardown(e: Exception | None) -> None:
nonlocal count
count += 1
raise ValueError("app_teardown")
@app.get("/")
def index() -> str:
return ""
def request_signal(sender: flask.Flask, exc: Exception | None) -> None:
nonlocal count
count += 1
raise ValueError("request_signal")
def app_signal(sender: flask.Flask, exc: Exception | None) -> None:
nonlocal count
count += 1
raise ValueError("app_signal")
with (
flask.request_tearing_down.connected_to(request_signal, app),
flask.appcontext_tearing_down.connected_to(app_signal, app),
):
if sys.version_info >= (3, 11):
with pytest.raises(ExceptionGroup, match="context teardown") as exc_info: # noqa: F821
client.get()
assert len(exc_info.value.exceptions) == 2
eg1, eg2 = exc_info.value.exceptions
assert isinstance(eg1, ExceptionGroup) # noqa: F821
assert "request teardown" in eg1.message
assert len(eg1.exceptions) == 2
assert isinstance(eg2, ExceptionGroup) # noqa: F821
assert "app teardown" in eg2.message
assert len(eg2.exceptions) == 2
else:
with pytest.raises(ValueError, match="request_teardown"):
client.get()
assert count == 4

230
tests/test_basic.py
View file

@ -1,8 +1,8 @@
import gc
import importlib.metadata
import re
import typing as t
import uuid
import warnings
import weakref
from contextlib import nullcontext
from datetime import datetime
@ -20,6 +20,8 @@ from werkzeug.routing import BuildError
from werkzeug.routing import RequestRedirect
import flask
from flask.globals import app_ctx
from flask.testing import FlaskClient
require_cpython_gc = pytest.mark.skipif(
python_implementation() != "CPython",
@ -67,63 +69,61 @@ def test_method_route_no_methods(app):
app.get("/", methods=["GET", "POST"])
def test_provide_automatic_options_attr():
app = flask.Flask(__name__)
def test_provide_automatic_options_attr_disable(
app: flask.Flask, client: FlaskClient
) -> None:
"""Automatic options can be disabled by the view func attribute."""
def index():
return "Hello World!"
index.provide_automatic_options = False
app.route("/")(index)
rv = app.test_client().open("/", method="OPTIONS")
app.add_url_rule("/", view_func=index)
rv = client.options()
assert rv.status_code == 405
app = flask.Flask(__name__)
def index2():
def test_provide_automatic_options_attr_enable(
app: flask.Flask, client: FlaskClient
) -> None:
"""When default automatic options is disabled in config, it can still be
enabled by the view function attribute.
"""
app.config["PROVIDE_AUTOMATIC_OPTIONS"] = False
def index():
return "Hello World!"
index2.provide_automatic_options = True
app.route("/", methods=["OPTIONS"])(index2)
rv = app.test_client().open("/", method="OPTIONS")
assert sorted(rv.allow) == ["OPTIONS"]
index.provide_automatic_options = True
app.add_url_rule("/", view_func=index)
rv = client.options()
assert rv.allow == {"GET", "HEAD", "OPTIONS"}
def test_provide_automatic_options_kwarg(app, client):
def test_provide_automatic_options_arg_disable(
app: flask.Flask, client: FlaskClient
) -> None:
"""Automatic options can be disabled by the route argument."""
@app.get("/", provide_automatic_options=False)
def index():
return flask.request.method
return "Hello World!"
def more():
return flask.request.method
app.add_url_rule("/", view_func=index, provide_automatic_options=False)
app.add_url_rule(
"/more",
view_func=more,
methods=["GET", "POST"],
provide_automatic_options=False,
)
assert client.get("/").data == b"GET"
rv = client.post("/")
assert rv.status_code == 405
assert sorted(rv.allow) == ["GET", "HEAD"]
rv = client.open("/", method="OPTIONS")
rv = client.options()
assert rv.status_code == 405
rv = client.head("/")
assert rv.status_code == 200
assert not rv.data # head truncates
assert client.post("/more").data == b"POST"
assert client.get("/more").data == b"GET"
rv = client.delete("/more")
assert rv.status_code == 405
assert sorted(rv.allow) == ["GET", "HEAD", "POST"]
def test_provide_automatic_options_method_disable(
app: flask.Flask, client: FlaskClient
) -> None:
"""Automatic options is ignored if the route handles options."""
rv = client.open("/more", method="OPTIONS")
assert rv.status_code == 405
@app.route("/", methods=["OPTIONS"])
def index():
return "", {"X-Test": "test"}
rv = client.options()
assert rv.headers["X-Test"] == "test"
def test_request_dispatching(app, client):
@ -231,27 +231,46 @@ def test_endpoint_decorator(app, client):
assert client.get("/foo/bar").data == b"bar"
def test_session(app, client):
@app.route("/set", methods=["POST"])
def set():
assert not flask.session.accessed
assert not flask.session.modified
def test_session_accessed(app: flask.Flask, client: FlaskClient) -> None:
@app.post("/")
def do_set():
flask.session["value"] = flask.request.form["value"]
assert flask.session.accessed
assert flask.session.modified
return "value set"
@app.route("/get")
def get():
assert not flask.session.accessed
assert not flask.session.modified
v = flask.session.get("value", "None")
assert flask.session.accessed
assert not flask.session.modified
return v
@app.get("/")
def do_get():
return flask.session.get("value", "None")
assert client.post("/set", data={"value": "42"}).data == b"value set"
assert client.get("/get").data == b"42"
@app.get("/nothing")
def do_nothing() -> str:
return ""
with client:
rv = client.get("/nothing")
assert "cookie" not in rv.vary
assert not app_ctx._session.accessed
assert not app_ctx._session.modified
with client:
rv = client.post(data={"value": "42"})
assert rv.text == "value set"
assert "cookie" in rv.vary
assert app_ctx._session.accessed
assert app_ctx._session.modified
with client:
rv = client.get()
assert rv.text == "42"
assert "cookie" in rv.vary
assert app_ctx._session.accessed
assert not app_ctx._session.modified
with client:
rv = client.get("/nothing")
assert rv.text == ""
assert "cookie" not in rv.vary
assert not app_ctx._session.accessed
assert not app_ctx._session.modified
def test_session_path(app, client):
@ -1401,20 +1420,21 @@ def test_url_for_passes_special_values_to_build_error_handler(app):
def test_static_files(app, client):
rv = client.get("/static/index.html")
assert rv.status_code == 200
assert rv.data.strip() == b"<h1>Hello World!</h1>"
with app.test_request_context():
assert flask.url_for("static", filename="index.html") == "/static/index.html"
rv.close()
with client.get("/static/index.html") as rv:
assert rv.status_code == 200
assert rv.data.strip() == b"<h1>Hello World!</h1>"
with app.test_request_context():
assert (
flask.url_for("static", filename="index.html") == "/static/index.html"
)
def test_static_url_path():
app = flask.Flask(__name__, static_url_path="/foo")
app.testing = True
rv = app.test_client().get("/foo/index.html")
assert rv.status_code == 200
rv.close()
with app.test_client().get("/foo/index.html") as rv:
assert rv.status_code == 200
with app.test_request_context():
assert flask.url_for("static", filename="index.html") == "/foo/index.html"
@ -1423,9 +1443,9 @@ def test_static_url_path():
def test_static_url_path_with_ending_slash():
app = flask.Flask(__name__, static_url_path="/foo/")
app.testing = True
rv = app.test_client().get("/foo/index.html")
assert rv.status_code == 200
rv.close()
with app.test_client().get("/foo/index.html") as rv:
assert rv.status_code == 200
with app.test_request_context():
assert flask.url_for("static", filename="index.html") == "/foo/index.html"
@ -1433,25 +1453,25 @@ def test_static_url_path_with_ending_slash():
def test_static_url_empty_path(app):
app = flask.Flask(__name__, static_folder="", static_url_path="")
rv = app.test_client().open("/static/index.html", method="GET")
assert rv.status_code == 200
rv.close()
with app.test_client().open("/static/index.html", method="GET") as rv:
assert rv.status_code == 200
def test_static_url_empty_path_default(app):
app = flask.Flask(__name__, static_folder="")
rv = app.test_client().open("/static/index.html", method="GET")
assert rv.status_code == 200
rv.close()
with app.test_client().open("/static/index.html", method="GET") as rv:
assert rv.status_code == 200
def test_static_folder_with_pathlib_path(app):
from pathlib import Path
app = flask.Flask(__name__, static_folder=Path("static"))
rv = app.test_client().open("/static/index.html", method="GET")
assert rv.status_code == 200
rv.close()
with app.test_client().open("/static/index.html", method="GET") as rv:
assert rv.status_code == 200
def test_static_folder_with_ending_slash():
@ -1468,9 +1488,10 @@ def test_static_folder_with_ending_slash():
def test_static_route_with_host_matching():
app = flask.Flask(__name__, host_matching=True, static_host="example.com")
c = app.test_client()
rv = c.get("http://example.com/static/index.html")
assert rv.status_code == 200
rv.close()
with c.get("http://example.com/static/index.html") as rv:
assert rv.status_code == 200
with app.test_request_context():
rv = flask.url_for("static", filename="index.html", _external=True)
assert rv == "http://example.com/static/index.html"
@ -1491,20 +1512,22 @@ def test_request_locals():
assert not flask.g
werkzeug_3_2 = importlib.metadata.version("werkzeug") >= "3.2."
@pytest.mark.parametrize(
("subdomain_matching", "host_matching", "expect_base", "expect_abc", "expect_xyz"),
("subdomain_matching", "host_matching", "expect_subdomain", "expect_host"),
[
(False, False, "default", "default", "default"),
(True, False, "default", "abc", "<invalid>"),
(False, True, "default", "abc", "default"),
(False, False, "default", "default"),
(True, False, "abc", "<invalid>"),
(False, True, "abc", "default"),
],
)
def test_server_name_matching(
subdomain_matching: bool,
host_matching: bool,
expect_base: str,
expect_abc: str,
expect_xyz: str,
expect_subdomain: str,
expect_host: str,
) -> None:
app = flask.Flask(
__name__,
@ -1522,15 +1545,18 @@ def test_server_name_matching(
client = app.test_client()
r = client.get(base_url="http://example.test")
assert r.text == expect_base
assert r.text == "default"
r = client.get(base_url="http://abc.example.test")
assert r.text == expect_abc
assert r.text == expect_subdomain
with pytest.warns() if subdomain_matching else nullcontext():
r = client.get(base_url="http://xyz.other.test")
assert r.text == expect_xyz
if werkzeug_3_2:
assert r.text == "default"
else:
assert r.text == expect_host
def test_server_name_subdomain():
@ -1566,12 +1592,12 @@ def test_server_name_subdomain():
rv = client.get("/", "https://dev.local")
assert rv.data == b"default"
# suppress Werkzeug 0.15 warning about name mismatch
with warnings.catch_warnings():
warnings.filterwarnings(
"ignore", "Current server name", UserWarning, "flask.app"
)
with pytest.warns(match="Current server name"):
rv = client.get("/", "http://foo.localhost")
if werkzeug_3_2:
assert rv.status_code == 200
else:
assert rv.status_code == 404
rv = client.get("/", "http://foo.dev.local")
@ -1807,13 +1833,13 @@ def test_subdomain_matching_other_name(matching):
def index():
return "", 204
# suppress Werkzeug 0.15 warning about name mismatch
with warnings.catch_warnings():
warnings.filterwarnings(
"ignore", "Current server name", UserWarning, "flask.app"
)
# ip address can't match name
with pytest.warns(match="Current server name") if matching else nullcontext():
# ip address can't match name, but will fall back to default
rv = client.get("/", "http://127.0.0.1:3000/")
if werkzeug_3_2:
assert rv.status_code == 204
else:
assert rv.status_code == 404 if matching else 204
# allow all subdomains if matching is disabled

124
tests/test_blueprints.py
View file

@ -184,12 +184,12 @@ def test_templates_and_static(test_apps):
assert rv.data == b"Hello from the Admin"
rv = client.get("/admin/index2")
assert rv.data == b"Hello from the Admin"
rv = client.get("/admin/static/test.txt")
assert rv.data.strip() == b"Admin File"
rv.close()
rv = client.get("/admin/static/css/test.css")
assert rv.data.strip() == b"/* nested file */"
rv.close()
with client.get("/admin/static/test.txt") as rv:
assert rv.data.strip() == b"Admin File"
with client.get("/admin/static/css/test.css") as rv:
assert rv.data.strip() == b"/* nested file */"
# try/finally, in case other tests use this app for Blueprint tests.
max_age_default = app.config["SEND_FILE_MAX_AGE_DEFAULT"]
@ -198,10 +198,10 @@ def test_templates_and_static(test_apps):
if app.config["SEND_FILE_MAX_AGE_DEFAULT"] == expected_max_age:
expected_max_age = 7200
app.config["SEND_FILE_MAX_AGE_DEFAULT"] = expected_max_age
rv = client.get("/admin/static/css/test.css")
cc = parse_cache_control_header(rv.headers["Cache-Control"])
assert cc.max_age == expected_max_age
rv.close()
with client.get("/admin/static/css/test.css") as rv:
cc = parse_cache_control_header(rv.headers["Cache-Control"])
assert cc.max_age == expected_max_age
finally:
app.config["SEND_FILE_MAX_AGE_DEFAULT"] = max_age_default
@ -220,28 +220,19 @@ def test_templates_and_static(test_apps):
assert flask.render_template("nested/nested.txt") == "I'm nested"
def test_default_static_max_age(app):
def test_default_static_max_age(app: flask.Flask) -> None:
class MyBlueprint(flask.Blueprint):
def get_send_file_max_age(self, filename):
return 100
blueprint = MyBlueprint("blueprint", __name__, static_folder="static")
blueprint = MyBlueprint(
"blueprint", __name__, url_prefix="/bp", static_folder="static"
)
app.register_blueprint(blueprint)
# try/finally, in case other tests use this app for Blueprint tests.
max_age_default = app.config["SEND_FILE_MAX_AGE_DEFAULT"]
try:
with app.test_request_context():
unexpected_max_age = 3600
if app.config["SEND_FILE_MAX_AGE_DEFAULT"] == unexpected_max_age:
unexpected_max_age = 7200
app.config["SEND_FILE_MAX_AGE_DEFAULT"] = unexpected_max_age
rv = blueprint.send_static_file("index.html")
cc = parse_cache_control_header(rv.headers["Cache-Control"])
assert cc.max_age == 100
rv.close()
finally:
app.config["SEND_FILE_MAX_AGE_DEFAULT"] = max_age_default
with app.test_request_context(), blueprint.send_static_file("index.html") as rv:
cc = parse_cache_control_header(rv.headers["Cache-Control"])
assert cc.max_age == 100
def test_templates_list(test_apps):
@ -366,11 +357,35 @@ def test_template_filter(app):
def my_reverse(s):
return s[::-1]
@bp.app_template_filter
def my_reverse_2(s):
return s[::-1]
@bp.app_template_filter("my_reverse_custom_name_3")
def my_reverse_3(s):
return s[::-1]
@bp.app_template_filter(name="my_reverse_custom_name_4")
def my_reverse_4(s):
return s[::-1]
app.register_blueprint(bp, url_prefix="/py")
assert "my_reverse" in app.jinja_env.filters.keys()
assert app.jinja_env.filters["my_reverse"] == my_reverse
assert app.jinja_env.filters["my_reverse"]("abcd") == "dcba"
assert "my_reverse_2" in app.jinja_env.filters.keys()
assert app.jinja_env.filters["my_reverse_2"] == my_reverse_2
assert app.jinja_env.filters["my_reverse_2"]("abcd") == "dcba"
assert "my_reverse_custom_name_3" in app.jinja_env.filters.keys()
assert app.jinja_env.filters["my_reverse_custom_name_3"] == my_reverse_3
assert app.jinja_env.filters["my_reverse_custom_name_3"]("abcd") == "dcba"
assert "my_reverse_custom_name_4" in app.jinja_env.filters.keys()
assert app.jinja_env.filters["my_reverse_custom_name_4"] == my_reverse_4
assert app.jinja_env.filters["my_reverse_custom_name_4"]("abcd") == "dcba"
def test_add_template_filter(app):
bp = flask.Blueprint("bp", __name__)
@ -502,11 +517,35 @@ def test_template_test(app):
def is_boolean(value):
return isinstance(value, bool)
@bp.app_template_test
def boolean_2(value):
return isinstance(value, bool)
@bp.app_template_test("my_boolean_custom_name")
def boolean_3(value):
return isinstance(value, bool)
@bp.app_template_test(name="my_boolean_custom_name_2")
def boolean_4(value):
return isinstance(value, bool)
app.register_blueprint(bp, url_prefix="/py")
assert "is_boolean" in app.jinja_env.tests.keys()
assert app.jinja_env.tests["is_boolean"] == is_boolean
assert app.jinja_env.tests["is_boolean"](False)
assert "boolean_2" in app.jinja_env.tests.keys()
assert app.jinja_env.tests["boolean_2"] == boolean_2
assert app.jinja_env.tests["boolean_2"](False)
assert "my_boolean_custom_name" in app.jinja_env.tests.keys()
assert app.jinja_env.tests["my_boolean_custom_name"] == boolean_3
assert app.jinja_env.tests["my_boolean_custom_name"](False)
assert "my_boolean_custom_name_2" in app.jinja_env.tests.keys()
assert app.jinja_env.tests["my_boolean_custom_name_2"] == boolean_4
assert app.jinja_env.tests["my_boolean_custom_name_2"](False)
def test_add_template_test(app):
bp = flask.Blueprint("bp", __name__)
@ -679,6 +718,18 @@ def test_template_global(app):
def get_answer():
return 42
@bp.app_template_global
def get_stuff_1():
return "get_stuff_1"
@bp.app_template_global("my_get_stuff_custom_name_2")
def get_stuff_2():
return "get_stuff_2"
@bp.app_template_global(name="my_get_stuff_custom_name_3")
def get_stuff_3():
return "get_stuff_3"
# Make sure the function is not in the jinja_env already
assert "get_answer" not in app.jinja_env.globals.keys()
app.register_blueprint(bp)
@ -688,10 +739,31 @@ def test_template_global(app):
assert app.jinja_env.globals["get_answer"] is get_answer
assert app.jinja_env.globals["get_answer"]() == 42
assert "get_stuff_1" in app.jinja_env.globals.keys()
assert app.jinja_env.globals["get_stuff_1"] == get_stuff_1
assert app.jinja_env.globals["get_stuff_1"](), "get_stuff_1"
assert "my_get_stuff_custom_name_2" in app.jinja_env.globals.keys()
assert app.jinja_env.globals["my_get_stuff_custom_name_2"] == get_stuff_2
assert app.jinja_env.globals["my_get_stuff_custom_name_2"](), "get_stuff_2"
assert "my_get_stuff_custom_name_3" in app.jinja_env.globals.keys()
assert app.jinja_env.globals["my_get_stuff_custom_name_3"] == get_stuff_3
assert app.jinja_env.globals["my_get_stuff_custom_name_3"](), "get_stuff_3"
with app.app_context():
rv = flask.render_template_string("{{ get_answer() }}")
assert rv == "42"
rv = flask.render_template_string("{{ get_stuff_1() }}")
assert rv == "get_stuff_1"
rv = flask.render_template_string("{{ my_get_stuff_custom_name_2() }}")
assert rv == "get_stuff_2"
rv = flask.render_template_string("{{ my_get_stuff_custom_name_3() }}")
assert rv == "get_stuff_3"
def test_request_processing(app, client):
bp = flask.Blueprint("bp", __name__)

3
tests/test_cli.py
View file

@ -462,7 +462,7 @@ class TestRoutes:
def expect_order(self, order, output):
# skip the header and match the start of each row
for expect, line in zip(order, output.splitlines()[2:]):
for expect, line in zip(order, output.splitlines()[2:], strict=False):
# do this instead of startswith for nicer pytest output
assert line[: len(expect)] == expect
@ -489,6 +489,7 @@ class TestRoutes:
def test_all_methods(self, invoke):
output = invoke(["routes"]).output
assert "GET, HEAD, OPTIONS, POST" not in output
output = invoke(["routes", "--all-methods"]).output
assert "GET, HEAD, OPTIONS, POST" in output

64
tests/test_helpers.py
View file

@ -32,45 +32,39 @@ class PyBytesIO:
class TestSendfile:
def test_send_file(self, app, req_ctx):
rv = flask.send_file("static/index.html")
assert rv.direct_passthrough
assert rv.mimetype == "text/html"
with app.open_resource("static/index.html") as f:
rv.direct_passthrough = False
assert rv.data == f.read()
expect = f.read()
rv.close()
with flask.send_file("static/index.html") as rv:
assert rv.direct_passthrough
assert rv.mimetype == "text/html"
rv.direct_passthrough = False
assert rv.data == expect
def test_static_file(self, app, req_ctx):
# Default max_age is None.
# Test with static file handler.
rv = app.send_static_file("index.html")
assert rv.cache_control.max_age is None
rv.close()
with app.send_static_file("index.html") as rv:
assert rv.cache_control.max_age is None
# Test with direct use of send_file.
rv = flask.send_file("static/index.html")
assert rv.cache_control.max_age is None
rv.close()
with flask.send_file("static/index.html") as rv:
assert rv.cache_control.max_age is None
app.config["SEND_FILE_MAX_AGE_DEFAULT"] = 3600
# Test with static file handler.
rv = app.send_static_file("index.html")
assert rv.cache_control.max_age == 3600
rv.close()
with app.send_static_file("index.html") as rv:
assert rv.cache_control.max_age == 3600
# Test with direct use of send_file.
rv = flask.send_file("static/index.html")
assert rv.cache_control.max_age == 3600
rv.close()
with flask.send_file("static/index.html") as rv:
assert rv.cache_control.max_age == 3600
# Test with pathlib.Path.
rv = app.send_static_file(FakePath("index.html"))
assert rv.cache_control.max_age == 3600
rv.close()
with app.send_static_file(FakePath("index.html")) as rv:
assert rv.cache_control.max_age == 3600
class StaticFileApp(flask.Flask):
def get_send_file_max_age(self, filename):
@ -80,23 +74,21 @@ class TestSendfile:
with app.test_request_context():
# Test with static file handler.
rv = app.send_static_file("index.html")
assert rv.cache_control.max_age == 10
rv.close()
with app.send_static_file("index.html") as rv:
assert rv.cache_control.max_age == 10
# Test with direct use of send_file.
rv = flask.send_file("static/index.html")
assert rv.cache_control.max_age == 10
rv.close()
with flask.send_file("static/index.html") as rv:
assert rv.cache_control.max_age == 10
def test_send_from_directory(self, app, req_ctx):
app.root_path = os.path.join(
os.path.dirname(__file__), "test_apps", "subdomaintestmodule"
)
rv = flask.send_from_directory("static", "hello.txt")
rv.direct_passthrough = False
assert rv.data.strip() == b"Hello Subdomain"
rv.close()
with flask.send_from_directory("static", "hello.txt") as rv:
rv.direct_passthrough = False
assert rv.data.strip() == b"Hello Subdomain"
class TestUrlFor:
@ -319,15 +311,17 @@ class TestStreaming:
# response is closed without reading stream
client.get().close()
# response stream is read
assert client.get().text == "flask"
with client.get() as rv:
assert rv.text == "flask"
# same as above, but with client context preservation
with client:
client.get().close()
with client:
assert client.get().text == "flask"
with client, client.get() as rv:
assert rv.text == "flask"
class TestHelpers:

132
tests/test_reqctx.py
View file

@ -1,16 +1,15 @@
from __future__ import annotations
import collections.abc as cabc
import warnings
from concurrent import futures
import pytest
import flask
from flask.globals import request_ctx
from flask.sessions import SecureCookieSessionInterface
from flask.sessions import SessionInterface
try:
from greenlet import greenlet
except ImportError:
greenlet = None
from flask.testing import FlaskClient
def test_teardown_on_pop(app):
@ -145,61 +144,34 @@ def test_manual_context_binding(app):
index()
@pytest.mark.skipif(greenlet is None, reason="greenlet not installed")
class TestGreenletContextCopying:
def test_greenlet_context_copying(self, app, client):
greenlets = []
def test_copy_context_thread(
request: pytest.FixtureRequest, app: flask.Flask, client: FlaskClient
) -> None:
executor = futures.ThreadPoolExecutor(max_workers=2)
request.addfinalizer(lambda: executor.shutdown(cancel_futures=True))
result: cabc.Iterator[int] | None = None
@app.route("/")
def index():
flask.session["fizz"] = "buzz"
reqctx = request_ctx.copy()
@app.route("/")
def index():
flask.session["fizz"] = "buzz"
def g():
assert not flask.request
assert not flask.current_app
with reqctx:
assert flask.request
assert flask.current_app == app
assert flask.request.path == "/"
assert flask.request.args["foo"] == "bar"
assert flask.session.get("fizz") == "buzz"
assert not flask.request
return 42
@flask.copy_current_request_context
def work(n: int) -> int:
assert flask.current_app == app
assert flask.request.path == "/"
assert flask.request.args["foo"] == "bar"
assert flask.session["fizz"] == "buzz"
return n
greenlets.append(greenlet(g))
return "Hello World!"
nonlocal result
result = executor.map(work, range(10))
return "Hello World!"
rv = client.get("/?foo=bar")
assert rv.data == b"Hello World!"
rv = client.get(query_string={"foo": "bar"})
assert rv.text == "Hello World!"
result = greenlets[0].run()
assert result == 42
def test_greenlet_context_copying_api(self, app, client):
greenlets = []
@app.route("/")
def index():
flask.session["fizz"] = "buzz"
@flask.copy_current_request_context
def g():
assert flask.request
assert flask.current_app == app
assert flask.request.path == "/"
assert flask.request.args["foo"] == "bar"
assert flask.session.get("fizz") == "buzz"
return 42
greenlets.append(greenlet(g))
return "Hello World!"
rv = client.get("/?foo=bar")
assert rv.data == b"Hello World!"
result = greenlets[0].run()
assert result == 42
assert result is not None
assert set(result) == set(range(10))
def test_session_error_pops_context():
@ -275,51 +247,3 @@ def test_session_dynamic_cookie_name():
# cookies are being used for the urls that end with "dynamic cookie"
assert test_client.get("/get").data == b"42"
assert test_client.get("/get_dynamic_cookie").data == b"616"
def test_bad_environ_raises_bad_request():
app = flask.Flask(__name__)
from flask.testing import EnvironBuilder
builder = EnvironBuilder(app)
environ = builder.get_environ()
# use a non-printable character in the Host - this is key to this test
environ["HTTP_HOST"] = "\x8a"
with app.request_context(environ):
response = app.full_dispatch_request()
assert response.status_code == 400
def test_environ_for_valid_idna_completes():
app = flask.Flask(__name__)
@app.route("/")
def index():
return "Hello World!"
from flask.testing import EnvironBuilder
builder = EnvironBuilder(app)
environ = builder.get_environ()
# these characters are all IDNA-compatible
environ["HTTP_HOST"] = "ąśźäüжŠßя.com"
with app.request_context(environ):
response = app.full_dispatch_request()
assert response.status_code == 200
def test_normal_environ_completes():
app = flask.Flask(__name__)
@app.route("/")
def index():
return "Hello World!"
response = app.test_client().get("/", headers={"host": "xn--on-0ia.com"})
assert response.status_code == 200

4
tests/test_session_interface.py
View file

@ -1,5 +1,5 @@
import flask
from flask.globals import request_ctx
from flask.globals import app_ctx
from flask.sessions import SessionInterface
@ -14,7 +14,7 @@ def test_open_session_with_endpoint():
pass
def open_session(self, app, request):
request_ctx.match_request()
app_ctx.match_request()
assert request.endpoint is not None
app = flask.Flask(__name__)

2
tests/test_subclassing.py
View file

@ -5,7 +5,7 @@ import flask
def test_suppressed_exception_logging():
class SuppressedFlask(flask.Flask):
def log_exception(self, exc_info):
def log_exception(self, ctx, exc_info):
pass
out = StringIO()

81
tests/test_templating.py
View file

@ -129,6 +129,30 @@ def test_template_filter(app):
assert app.jinja_env.filters["my_reverse"] == my_reverse
assert app.jinja_env.filters["my_reverse"]("abcd") == "dcba"
@app.template_filter
def my_reverse_2(s):
return s[::-1]
assert "my_reverse_2" in app.jinja_env.filters.keys()
assert app.jinja_env.filters["my_reverse_2"] == my_reverse_2
assert app.jinja_env.filters["my_reverse_2"]("abcd") == "dcba"
@app.template_filter("my_reverse_custom_name_3")
def my_reverse_3(s):
return s[::-1]
assert "my_reverse_custom_name_3" in app.jinja_env.filters.keys()
assert app.jinja_env.filters["my_reverse_custom_name_3"] == my_reverse_3
assert app.jinja_env.filters["my_reverse_custom_name_3"]("abcd") == "dcba"
@app.template_filter(name="my_reverse_custom_name_4")
def my_reverse_4(s):
return s[::-1]
assert "my_reverse_custom_name_4" in app.jinja_env.filters.keys()
assert app.jinja_env.filters["my_reverse_custom_name_4"] == my_reverse_4
assert app.jinja_env.filters["my_reverse_custom_name_4"]("abcd") == "dcba"
def test_add_template_filter(app):
def my_reverse(s):
@ -223,6 +247,30 @@ def test_template_test(app):
assert app.jinja_env.tests["boolean"] == boolean
assert app.jinja_env.tests["boolean"](False)
@app.template_test
def boolean_2(value):
return isinstance(value, bool)
assert "boolean_2" in app.jinja_env.tests.keys()
assert app.jinja_env.tests["boolean_2"] == boolean_2
assert app.jinja_env.tests["boolean_2"](False)
@app.template_test("my_boolean_custom_name")
def boolean_3(value):
return isinstance(value, bool)
assert "my_boolean_custom_name" in app.jinja_env.tests.keys()
assert app.jinja_env.tests["my_boolean_custom_name"] == boolean_3
assert app.jinja_env.tests["my_boolean_custom_name"](False)
@app.template_test(name="my_boolean_custom_name_2")
def boolean_4(value):
return isinstance(value, bool)
assert "my_boolean_custom_name_2" in app.jinja_env.tests.keys()
assert app.jinja_env.tests["my_boolean_custom_name_2"] == boolean_4
assert app.jinja_env.tests["my_boolean_custom_name_2"](False)
def test_add_template_test(app):
def boolean(value):
@ -320,6 +368,39 @@ def test_add_template_global(app, app_ctx):
rv = flask.render_template_string("{{ get_stuff() }}")
assert rv == "42"
@app.template_global
def get_stuff_1():
return "get_stuff_1"
assert "get_stuff_1" in app.jinja_env.globals.keys()
assert app.jinja_env.globals["get_stuff_1"] == get_stuff_1
assert app.jinja_env.globals["get_stuff_1"](), "get_stuff_1"
rv = flask.render_template_string("{{ get_stuff_1() }}")
assert rv == "get_stuff_1"
@app.template_global("my_get_stuff_custom_name_2")
def get_stuff_2():
return "get_stuff_2"
assert "my_get_stuff_custom_name_2" in app.jinja_env.globals.keys()
assert app.jinja_env.globals["my_get_stuff_custom_name_2"] == get_stuff_2
assert app.jinja_env.globals["my_get_stuff_custom_name_2"](), "get_stuff_2"
rv = flask.render_template_string("{{ my_get_stuff_custom_name_2() }}")
assert rv == "get_stuff_2"
@app.template_global(name="my_get_stuff_custom_name_3")
def get_stuff_3():
return "get_stuff_3"
assert "my_get_stuff_custom_name_3" in app.jinja_env.globals.keys()
assert app.jinja_env.globals["my_get_stuff_custom_name_3"] == get_stuff_3
assert app.jinja_env.globals["my_get_stuff_custom_name_3"](), "get_stuff_3"
rv = flask.render_template_string("{{ my_get_stuff_custom_name_3() }}")
assert rv == "get_stuff_3"
def test_custom_template_loader(client):
class MyFlask(flask.Flask):

5
tests/test_testing.py
View file

@ -6,7 +6,7 @@ import pytest
import flask
from flask import appcontext_popped
from flask.cli import ScriptInfo
from flask.globals import _cv_request
from flask.globals import _cv_app
from flask.json import jsonify
from flask.testing import EnvironBuilder
from flask.testing import FlaskCliRunner
@ -76,7 +76,6 @@ def test_client_open_environ(app, client, request):
return flask.request.remote_addr
builder = EnvironBuilder(app, path="/index", method="GET")
request.addfinalizer(builder.close)
rv = client.open(builder)
assert rv.data == b"127.0.0.1"
@ -382,4 +381,4 @@ def test_client_pop_all_preserved(app, req_ctx, client):
# close the response, releasing the context held by stream_with_context
rv.close()
# only req_ctx fixture should still be pushed
assert _cv_request.get(None) is req_ctx
assert _cv_app.get(None) is req_ctx

54
tests/test_views.py
View file

@ -2,6 +2,7 @@ import pytest
from werkzeug.http import parse_set_header
import flask.views
from flask.testing import FlaskClient
def common_test(app):
@ -98,44 +99,55 @@ def test_view_decorators(app, client):
assert rv.data == b"Awesome"
def test_view_provide_automatic_options_attr():
app = flask.Flask(__name__)
def test_view_provide_automatic_options_attr_disable(
app: flask.Flask, client: FlaskClient
) -> None:
"""Automatic options can be disabled by the view class attribute."""
class Index1(flask.views.View):
class Index(flask.views.View):
provide_automatic_options = False
def dispatch_request(self):
return "Hello World!"
app.add_url_rule("/", view_func=Index1.as_view("index"))
c = app.test_client()
rv = c.open("/", method="OPTIONS")
app.add_url_rule("/", view_func=Index.as_view("index"))
rv = client.options()
assert rv.status_code == 405
app = flask.Flask(__name__)
class Index2(flask.views.View):
methods = ["OPTIONS"]
def test_view_provide_automatic_options_attr_enable(
app: flask.Flask, client: FlaskClient
) -> None:
"""When default automatic options is disabled in config, it can still be
enabled by the view class attribute.
"""
app.config["PROVIDE_AUTOMATIC_OPTIONS"] = False
class Index(flask.views.View):
provide_automatic_options = True
def dispatch_request(self):
return "Hello World!"
app.add_url_rule("/", view_func=Index2.as_view("index"))
c = app.test_client()
rv = c.open("/", method="OPTIONS")
assert sorted(rv.allow) == ["OPTIONS"]
app.add_url_rule("/", view_func=Index.as_view("index"))
rv = client.options("/")
assert rv.allow == {"GET", "HEAD", "OPTIONS"}
app = flask.Flask(__name__)
class Index3(flask.views.View):
def test_provide_automatic_options_method_disable(
app: flask.Flask, client: FlaskClient
) -> None:
"""Automatic options is ignored if the route handles options."""
class Index(flask.views.View):
methods = ["OPTIONS"]
def dispatch_request(self):
return "Hello World!"
return "", {"X-Test": "test"}
app.add_url_rule("/", view_func=Index3.as_view("index"))
c = app.test_client()
rv = c.open("/", method="OPTIONS")
assert "OPTIONS" in rv.allow
app.add_url_rule("/", view_func=Index.as_view("index"))
rv = client.options()
assert rv.headers["X-Test"] == "test"
def test_implicit_head(app, client):
@ -180,7 +192,7 @@ def test_endpoint_override(app):
app.add_url_rule("/", view_func=Index.as_view("index"))
with pytest.raises(AssertionError):
app.add_url_rule("/", view_func=Index.as_view("index"))
app.add_url_rule("/other", view_func=Index.as_view("index"))
# But these tests should still pass. We just log a warning.
common_test(app)

1926
uv.lock generated
View file

File diff suppressed because it is too large Load diff