From e35a0f4a69c343412cdfb879e7545707f933934a Mon Sep 17 00:00:00 2001
From: Miguel Grinberg
Date: Sun, 22 May 2022 18:49:00 +0100
Subject: [PATCH] Do not allow Werkzeug to be used in production by default (Fixes #1814)
---
 src/flask_socketio/__init__.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/flask_socketio/__init__.py b/src/flask_socketio/__init__.py
index 659a7e90..cd458288 100644
--- a/src/flask_socketio/__init__.py
+++ b/src/flask_socketio/__init__.py
@@ -536,6 +536,10 @@ def run(self, app, host=None, port=None, **kwargs): # pragma: no cover
 Defaults to ``True`` in debug mode, ``False`` in normal mode. Unused when the threading async mode is used.
+ :param allow_unsafe_werkzeug: Set to ``True`` to allow the use of the
+ Werkzeug web server in a production
+ setting. Default is ``False``. Set to
+ ``True`` at your own risk.
 :param kwargs: Additional web server options. The web server options are specific to the server used in each of the supported async modes. Note that options provided here will
@@ -593,6 +597,20 @@ def run(self, app, host=None, port=None, **kwargs): # pragma: no cover
 from werkzeug._internal import _log
 _log('warning', 'WebSocket transport not available. Install ' 'simple-websocket for improved performance.')
+ if not sys.stdin or not sys.stdin.isatty(): # pragma: no cover
+ allow_unsafe_werkzeug = kwargs.pop('allow_unsafe_werkzeug',
+ False)
+ if not allow_unsafe_werkzeug:
+ raise RuntimeError('The Werkzeug web server is not '
+ 'designed to run in production. Pass '
+ 'allow_unsafe_werkzeug=True to the '
+ 'run() method to disable this error.')
+ else:
+ from werkzeug._internal import _log
+ _log('warning', ('Werkzeug appears to be used in a '
+ 'production deployment. Consider '
+ 'switching to a production web server '
+ 'instead.'))
 app.run(host=host, port=port, threaded=True, use_reloader=use_reloader, **reloader_options, **kwargs)
 elif self.server.eio.async_mode == 'eventlet':
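Review bot: In the second hunk `allow_unsafe_werkzeug` is popped from `kwargs` only inside the `if not sys.stdin or not sys.stdin.isatty()` branch, so when stdin is a TTY the option stays in `kwargs` and is forwarded to `app.run(..., **kwargs)`, which Flask passes on to Werkzeug's server entry point that does not accept such a keyword; a developer who sets `allow_unsafe_werkzeug=True` in code will therefore get a `TypeError` in exactly the interactive case the check is meant to leave alone. Hoist the pop above the condition: `allow_unsafe_werkzeug = kwargs.pop('allow_unsafe_werkzeug', False)`, then `if not sys.stdin or not sys.stdin.isatty():  # pragma: no cover`, then `if not allow_unsafe_werkzeug:` with the existing raise/warn bodies. The TTY test is a heuristic for "production", not a property of the deployment: it presumably also fires for container-, CI- and IDE-launched development runs where stdin is not a terminal, and stays silent for a production process started from an interactive shell, so the `allow_unsafe_werkzeug` entry added in the first hunk's docstring should state that the error is raised when standard input is not a terminal rather than leaving the trigger implicit. The `run` method begins before the first hunk and continues past the `elif self.server.eio.async_mode == 'eventlet':` context line.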