Move to use a different WSGI server from the Flask development server
Opened this issue · 2 comments
We currently use a trick mentioned in #244 to suppress console output in the Flask development server which prior to a few weeks ago was possible but with current versions of werkzeug isn't anymore.
David Lord, core developer on Flask, points out that even in a local web server like ours we shouldn't use the Flask development server.
He suggests using waitress instead. I started exploration in porting to use waitress but got stopped at the point where we trigger a shutdown of the WSGI server at the end of the login process.
Currently we find the process that Flask is running in and kill it. This doesn't seem to work for waitress.
I found that the webtest project which is used for testing WSGI applications implements waitress as a subthread.
I did some work on using webtest's StopableWSGIServer in mozilla-aws-cli but ran out of time.
To get this working we'll need to
- update the
listenmethod inlistener.pyto use waitress toservetheapp(which is easy) - get the
shutdownmethod to work, either by figuring out why the "kill the process" approach isn't working or by porting theStopableWSGIServersubthread approach from webtest
Until this work is done, we can't use a newer version of werkzeug which means any security fixes won't be available to us.
Here's what the listen method looks like with waitress
from waitress import serve
def listen(login):
# set the global callback
globals()["login"] = login
serve(app, host='0.0.0.0', port=port)
return port
This alone works at cutting over to waitress from Flask, however the shutdown method doesn't shut the waitress listener down.