python, flask, bad-request

Python Flask 400 Bad Request Error Every Request


I'm working on a Flask app and recently converted it to a simple blueprint template with only one app. It works fine when in debug mode (FLASK_DEBUG=1), but when it's not in debug mode I get "HTTPStatus.BAD_REQUEST - code 400" no matter what page I try to hit. It automatically hits https://127.0.0.1:5000, so I've tried doing http://127.0.0.1:5000 but that also doesn't work as it seems to redirect back to https.

application.py

from app import create_app

application = app = create_app()

if __name__ == "__main__":
    application.run()

routes.py (only including the index route for brevity and leaving out imports)

app_blueprint = Blueprint('app_blueprint', __name__, template_folder='app/templates', static_folder='static')

@app_blueprint.route('/')
@app_blueprint.route('/index')
def index():
    return render_template('app_blueprint/index.html', title='Home')

__init__.py from within the app. My csp is a mess as I was playing around to see if that was causing an issue.

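from flask import Flask
from flask_login import LoginManager
from flask_mail import Mail
from flask_migrate import Migrate
from flask_moment import Moment
from flask_talisman import Talisman

from config import Config  # assumed module path; the post does not show where Config lives

# Extensions are created unbound and attached to the app inside create_app()
migrate = Migrate()
login = LoginManager()
login.login_view = 'login'
mail = Mail()
moment = Moment()

talisman = Talisman()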

def create_app(config_class=Config):
    application = Flask(__name__)
    application.config.from_object(config_class)

    from app.models import db
    db.init_app(application)

    migrate.init_app(application, db)
    login.init_app(application)
    mail.init_app(application)
    moment.init_app(application)

    from app.routes import app_blueprint
    application.register_blueprint(app_blueprint)

    csp = {
        'default-src': [
            '\'self\'',
            '*.com',
            'data:'
        ],
        'script-src': [
            '\'self\'',
            'https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment-with-locales.min.js',
            'https://code.jquery.com/jquery-3.5.1.min.js'
        ],
        'img-src': [
            '\'self\'',
            'data:',
            '*.com',
            '*.net',
            '*.org',
        ]
    }

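    # Talisman defaults to force_https=True, which is skipped only when application.debug is set
    talisman.init_app(application, content_security_policy=csp, content_security_policy_nonce_in=['script-src'])

    return application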

Solution

  • Figured this out. When running talisman, it forces everything to HTTPS except when it's in debug mode.

    Doing the first thing on this article ended up getting it to work. Although, the full article suggests a more sensible approach.