Flask Debug Toolbar#120
Conversation
| SQLALCHEMY_TRACK_MODIFICATIONS = False | ||
| BASE_URL = "https://openqairamapnapi.qairadrones.com/" | ||
| DEBUG = False | ||
| SECRET_KEY = "my-secret-key" # TODO: Replace with a more secure key, and don't push it to Github |
There was a problem hiding this comment.
This is my first question, @GersonMontesinos. This secret key shouldn't be written here even if it's open source, for security reasons. One alternative would be to do this:
| SECRET_KEY = "my-secret-key" # TODO: Replace with a more secure key, and don't push it to Github | |
| SECRET_KEY = os.environ.get("SECRET_KEY") |
But then in your production environment you would need to set this environment variable. How would you like to proceed?
| try: | ||
| return ( | ||
| str(same_helper.getQhawaxStatus(name)) | ||
| make_response(jsonify(same_helper.getQhawaxStatus(name))) |
There was a problem hiding this comment.
This is my second question, @GersonMontesinos. If I keep these endpoints as they are, they return a str, which will then become a HTML without any <body> tags. The toolbar can only be used for HTML responses with a <body> tag or with JSON responses (now that I added support for them).
There are 3 options here:
- Do nothing, and you will change this later at some point. The toolbar won't work for these endpoints until you fix it.
- Change it to a JSON string, with the code that I wrote here.
- Change it to a "valid" HTML, by including the missing tags. It would be something like this:
| make_response(jsonify(same_helper.getQhawaxStatus(name))) | |
| <html><body><pre>{}</pre></body></html>'.format( | |
| same_helper.getQhawaxStatus(name) | |
| ) |
For both options 2 and 3, I would have to change it for all your non-JSON responses, which could take some time. And, more important, your API customers (even the frontend) might need to modify their code in case they are expecting a str() instead of a JSON str or a "valid" HTML (with the extra tags).
What would you like to do? 😄
|
Hey @Javiercerna : Answering to the first comment: why are the following lines of code are added? is it a requirement for the flask debug toolbar to work? Answering to the second comment: that endpoint and the others that give a string response are only used by the IoT devices and some by the frontend. I would like to make sure that if these endpoints - if left unchanged - could cause any trouble when using the toolbar for another endpoints. |
|
Maybe you are asking if the toolbar won't work at all if we don't change the endpoints that return str? If we don't change them, the toolbar won't work for those endpoints, but it will still work fine for the endpoints that return JSON (and any endpoints that return HTML, in case you have them) |
2 participants
I'll skip the PR template for now, since this is just a draft PR to ask questions.
When it's finished, it should close: #73