How to disallow pickle serialization in celery
I was getting "ContentDisallowed: Refusing to deserialize untrusted content of type pickle (application/x-python-serialize)"
having:
CELERY_ACCEPT_CONTENT = ['json']
wasn't enough... I had to also add the followings to settings:
CELERY_TASK_SERIALIZER = 'json'CELERY_RESULT_SERIALIZER = 'json'
Now that Celery supports configuration on a per-app basis, there is a cleaner way to restrict the content that a consumer will execute.
c = celery.Celery()c.conf.update(CELERY_ACCEPT_CONTENT = ['json'])
See the Celery docs on security for details, and for more advanced security options, such as signing content.