These are chat archives for pythonvietnam/Flask

3rd
Feb 2017
malvin9000
@malvin9000
Feb 03 2017 04:04
@imaia check out JS scaffolds
Basically just hook up cross-domain ajax calls to a Flask API
To quickly spin up an SPA I will use a scaffold for a JS framework using Yeoman
Italo Maia
@imaia
Feb 03 2017 12:54
@malvin9000 but did you actually? I'm stitching together flask+vue+semantic-ui and had to solve a few too many issues along the way
malvin9000
@malvin9000
Feb 03 2017 16:49
@imaia did I actually what ?
I used Flask and Vue and Flask and Knockout so far
What issues related to SPA architecture and Flask have you run into?
Italo Maia
@imaia
Feb 03 2017 17:00
@malvin9000 if you actually built a flask SPA; just to share a few thoughts
vue creates an index.html on build; I was planning to serve it from flask
in order to send the csrf token in the first request
malvin9000
@malvin9000
Feb 03 2017 17:03
@imaia Sure, so what I've done thus far is to build completely decoupled front and backends (although hosting your entire Vue frontend in the static directory of your flask app is another way to do it too)
Paul A. Aranguren
@Paulguren
Feb 03 2017 18:49
guys*
Paul A. Aranguren
@Paulguren
Feb 03 2017 19:01
Hey Guys
I was wondering if any of you guys had experience with SQLAlchemy
malvin9000
@malvin9000
Feb 03 2017 22:00
@imaia (not a security expert, this is just my opinion/what I've learned) there's a couple of different approaches for protecting against CSRF: synchronizer tokens (the tokens that are embedded in a form via something like Flask-WTF), double submit cookie, and Origin header check. Instead of messing with tokens, I usually just use the Origin header approach, which is naturally going to work if you're actually hosting the static app on the same URL as your server, so that same origin policy applies. It's just about setting the server headers to explicitly check the value of the Origin header in a request. OWASP outlines the approach here under "Verifying Same Origin with Standard Headers": https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
@Van_Guren_twitter Some, what's up?
Paul A. Aranguren
@Paulguren
Feb 03 2017 22:32
Basically, I'm getting this error:
Traceback (most recent call last):
  File "db_create.py", line 2, in <module>
    from views import db
  File "/Users/Paul/Desktop/RealPython/flasktaskr/project/views.py", line 6, in <module>
    from models import Task
  File "/Users/Paul/Desktop/RealPython/flasktaskr/project/models.py", line 1, in <module>
    from views import db
For some reason my task list app isn't loading the SQLAlchemy modules
from models import Task and from views import db
@imaia
sorry not you lol
it was @malvin9000
malvin9000
@malvin9000
Feb 03 2017 22:43
@Van_Guren_twitter What's actually triggering that error message ? What are you doing when you get that traceback (is that happening right upon start up or something else) ?
Just to double check, you are running it with your virtual environment activated and you've definitely installed sqlalchemy in your virtual environment (assuming you're using a virtualenv)?
malvin9000
@malvin9000
Feb 03 2017 22:54
@Van_Guren_twitter Is that the complete error message ?