Migrating the web UI to Flask

Implementing proper security in the web server that’s serving the web UI is hard and very error-prone, so we’re considering migrating to a more solid framework (Flask) in order to be able to use its security middlewares that are hopefully tested by thousands already.

@dadav let’s use this thread to sync about the migration to Flask and how to properly do CORS with it :+1:

2 Likes

Just FYI, not sure if there’s an actual use case for setting CORS. CORS headers are used to allow access from other origins to an API in the browser (e.g. you want to make a request from pwnagotchi.ai to 10.0.0.2), not to protect anything. A CSRF token is sufficient to protect from posting data from unallowed origins. But migrating to Flask seems like a good idea, since you can use proper templates (with escaping) and modules for security stuff.

1 Like
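
To illustrate the point made in the reply above, here is an added example that is not part of the thread or of the pwnagotchi code base: a minimal Flask app that sends no CORS headers, rejects state-changing requests lacking the per-session CSRF token, and relies on Jinja autoescaping in the template. The `/name` route, the `state` dictionary and the form markup are assumptions made for the demonstration.

```python
import hmac
import secrets

from flask import Flask, abort, render_template_string, request, session

app = Flask(__name__)
app.secret_key = secrets.token_hex(32)  # assumption: per-process key, demo only

# Hypothetical form; Jinja autoescaping renders {{ name }} and the token as text.
PAGE = """<form method="post" action="/name">
<input type="hidden" name="csrf_token" value="{{ token }}">
<input name="name" value="{{ name }}"><button>Save</button>
</form>"""

state = {"name": "pwnagotchi"}  # stand-in for the device configuration


def csrf_token():
    """Return the per-session token, creating it on first use."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


@app.before_request
def check_csrf():
    """Reject state-changing requests that do not echo the session token."""
    if request.method in ("POST", "PUT", "PATCH", "DELETE"):
        sent = request.form.get("csrf_token", "").encode()
        expected = session.get("csrf_token", "").encode()
        # Constant-time comparison; an empty expected value means no session yet.
        if not expected or not hmac.compare_digest(sent, expected):
            abort(403)


@app.route("/")
def index():
    return render_template_string(PAGE, token=csrf_token(), name=state["name"])


@app.route("/name", methods=["POST"])
def set_name():
    state["name"] = request.form.get("name", "")[:64]
    return "", 204
```

A page on another origin can still submit a form to `/name`, but it cannot read the token out of the response without a CORS header permitting it, so the request is refused with 403.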

I started to migrate to Flask, maybe you wanna join me:

1 Like

So far so good! Feel free to push a basic PR when you think it’s ready for co-coding and some refactoring :smiley:

1 Like
2 Likes

Thanks for all the good work, can’t wait to see what’s coming up next.

Merged! :smiley:

1 Like