Brave Search

reddit.com › r › flask › comments › 10hx2fa › is_flasktalisman_still_the_way_to_go

I still use it for secure headers, curious if there's any other tool that can do the trick. Answer from Own-Bus-6262 on reddit.com

PyPI

pypi.org › project › flask-talisman

flask-talisman · PyPI

HTTP security headers for Flask. ... Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.

Help

The Python Package Index (PyPI) is a repository of software for the Python programming language.

Sponsors

The Python Package Index (PyPI) is a repository of software for the Python programming language.

Register

The Python Package Index (PyPI) is a repository of software for the Python programming language.

Log in

The Python Package Index (PyPI) is a repository of software for the Python programming language.

PyPI

pypi.org › project › talisman

talisman · PyPI

HTTP security headers for Flask. ... Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.

      » pip install talisman

Published Nov 13, 2015

Version 0.1.0

Homepage https://github.com/GoogleCloudPlatform/flask-talisman

Discussions

Is flask-talisman still the way to go?

I still use it for secure headers, curious if there's any other tool that can do the trick. More on reddit.com

r/flask

6

11

January 21, 2023

How to configure flask-talisman for CDN scripts and cron jobs in python 3.11 standard google app engine - Stack Overflow

Following the suggestion in the docs, I added flask-talisman but have run into two problems. I'm using apexcharts from CDN and I don't know how to get the nonce right - otherwise I get an error on... More on stackoverflow.com

stackoverflow.com

python - Flask-Talisman breaks Flask-Bootstrap - Stack Overflow

I want my website to always redirect to the secure https version of the site, and I'm using flask-talisman to do this. However for some reason adding this seemingly-unrelated line of code is breaki... More on stackoverflow.com

stackoverflow.com

When to use flask-talisman?

You can see the list of things Talisman allows you to do on the website . CSP is the big win, but it also does things like forcing HTTPS connections. It’s probably a good idea to have it turned on, but be aware that CSPs have uneven support in various libraries. For example, Flask-admin doesn’t fully support them, nor does bootstrap. So you might have to tweak some code to silence warnings and/or get your site working. Even if you leave CSPs off, Talisman enables a host of security best practices which you should either be using by default, or fully understand the reason you aren’t using. More on reddit.com

r/flask

2

4

January 5, 2023

GitHub

github.com › GoogleCloudPlatform › flask-talisman › blob › master › flask_talisman › talisman.py

flask-talisman/flask_talisman/talisman.py at master · GoogleCloudPlatform/flask-talisman

HTTP security headers for Flask. Contribute to GoogleCloudPlatform/flask-talisman development by creating an account on GitHub.

Author GoogleCloudPlatform

GitHub

github.com › GoogleCloudPlatform › flask-talisman

GitHub - GoogleCloudPlatform/flask-talisman: HTTP security headers for Flask · GitHub

Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.

Starred by 936 users

Forked by 84 users

Languages Python 94.7% | HTML 4.2% | Dockerfile 1.1%

reddit.com › r/flask › is flask-talisman still the way to go?

r/flask on Reddit: Is flask-talisman still the way to go?

January 21, 2023 -

I'm getting close to publishing an app and am curious if people are still using flask-talisman or if there's something better I should be aware of?

It looks like it hasn't been updates since 2019 so maybe it's outdated?

Chime in if you've used it and or have other suggestions.

Thanks flask community!

Top answer

1 of 3

5

I still use it for secure headers, curious if there's any other tool that can do the trick.

2 of 3

3

It's a bunch of common-sense security settings for Flask. There are other ways to do it, but I don't see any problem in using it. If you start having problems with CORS and other stuff, don't forget to look here. You may need to change some of the settings.

GeeksforGeeks

geeksforgeeks.org › python › flask-security-with-talisman

Flask Security with Talisman - GeeksforGeeks

July 24, 2025 - Talisman is basically a Flask extension that is used to add HTTP security headers to our Flask application with easy implementation, which will help us to protect the app against common web attacks that lead to disturbances in our application ...

Stack Overflow

stackoverflow.com › questions › 76799686 › how-to-configure-flask-talisman-for-cdn-scripts-and-cron-jobs-in-python-3-11-sta

How to configure flask-talisman for CDN scripts and cron jobs in python 3.11 standard google app engine - Stack Overflow

'script-src': "'self' ajax.googleapis.com *.googleanalytics.com " '*.google-analytics.com ' '*.googletagmanager.com ' 'https://cdn.jsdelivr.net/npm/apexcharts', 'style-src': "'self' " 'https://cdn.jsdelivr.net/npm/apexcharts', 'object-src': "'none'", 'default-src': "'self' ", 'connect-src': "'self' *.google-analytics.com appengine.googleapis.com", } _talisman = Talisman(app, content_security_policy=csp, content_security_policy_nonce_in=['script-src', 'style-src]) . . . @app.get(r'/') def main(): ... context['nonce'] = _talisman._get_nonce() return render_template('list.html', context) ... <scr

Anaconda.org

anaconda.org › conda-forge › flask-talisman

flask-talisman - conda-forge | Anaconda.org

Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.

Find elsewhere

Google Bing Mojeek

GitHub

github.com › wntrblm › flask-talisman

GitHub - wntrblm/flask-talisman: HTTP security headers for Flask

Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.

Starred by 84 users

Forked by 10 users

Medium

medium.com › @asoheili › flask-security-with-talisman-ef6990a4a24

Flask Security with Talisman. Building a secure web application is… | by Arash Soheili | Medium

January 13, 2020 - from flask import Flask from flask_talisman import Talisman app = Flask(__name__) Talisman(app)

Stack Overflow

stackoverflow.com › questions › 54730178 › flask-talisman-breaks-flask-bootstrap

python - Flask-Talisman breaks Flask-Bootstrap - Stack Overflow

Top answer

1 of 3

11

It's an old thread, but the answer is that you need to whitelist your allowed sites, like in this example (directly from flask-talisman web site):

csp = {
 'default-src': [
        '\'self\'',
        'cdnjs.cloudflare.com'
    ]
}
talisman = Talisman(app, content_security_policy=csp)

2 of 3

4

Building on jrborba's answer above, this is what I have used to prevent Tailsman from breaking Bootstrap and jQuery, but you may not need to use the unsafe-inline line as I did.

csp = {
    'default-src': [
        '\'self\'',
        '\'unsafe-inline\'',
        'stackpath.bootstrapcdn.com',
        'code.jquery.com',
        'cdn.jsdelivr.net'
    ]
}
talisman = Talisman(app, content_security_policy=csp)

Debian

packages.debian.org › bookworm › python3-flask-talisman

Debian -- Details of package python3-flask-talisman in bookworm

Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.

Arch Linux

archlinux.org › packages › extra › any › python-flask-talisman

Arch Linux - python-flask-talisman 1.1.0-7 (any)

View the file list for python-flask-talisman · View the soname list for python-flask-talisman · Copyright © 2002-2026 Judd Vinet, Aaron Griffin and Levente Polyák. The Arch Linux name and logo are recognized trademarks. Some rights reserved.

Qwiet AI

qwiet.ai › appsec-resources › securing-your-flask-applications-essential-extensions-and-best-practices

Securing Your Flask Applications: Essential Extensions and Best Practices - Preventing the Unpreventable | Qwietᴬᴵ

February 7, 2025 - Flask-Talisman enhances the security of your Flask application by adding HTTP security headers. These headers help protect against web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, and other code injection attacks.

reddit.com › r/flask › when to use flask-talisman?

r/flask on Reddit: When to use flask-talisman?

January 5, 2023 -

So I was getting an app ready for deployment, when I came across flask-talisman. I don't quite understand what its purpose is, but from the look of it, it is probably used to secure your website from accessing content from unwanted origins ( the `content_security_policy` option in Talisman )

If my assumptions are correct, would it make sense to use it, if I am serving my static assets using the same server as my website? I am confused as to the use case of this particular package