Search code examples
pythonflasksslhttp-post

Is flask using HTTPS or HTTP?

I managed to create self signed certificate using mkcert and sign it as CA so my pc sees this certificate as trusted.Mkcert created two files 'localhost.pem' and 'localhost-key.pem' and I refer to them when running flask app. When I launch flask app using flask --app=server run --cert=localhost.pem --key=localhost-key.pem --debug it shows thar server is running as https(image below). enter image description here

I can access this website using browser and it is in fact https. I wanted to access the server with python script using requests module and it worked but there is one thing that interests me. It is fact that console shows log as enter image description here As you can see there is HTTP/1.1 not HTTPS.

Question:Are things sent by request between client and server secured by https or not?

If I try to print request.is_secure in flask it returns True, when I print request.scheme it returns https so it looks like it is secured but I am not sure because of the flask log as HTTP/1.1

client.py

import requests

data={'username':'pamix'}
r = requests.post(url='https://localhost:5000/test',data=data)

server.py

from flask import Flask,render_template,request

app = Flask(__name__)

@app.route("/test",methods=['POST'])
def test():
    print(f"is_secure:{request.is_secure}")
    print(f"scheme:{request.scheme}")

    return 'test'

if __name__=='__main__':
    app.run()
Solution

  • As you can see there is HTTP/1.1 not HTTPS

    HTTPS is the HTTP protocol inside the TLS authentication+encryption. The protocol version is still HTTP/1.1, i.e. there is no HTTPS/1.1.