How to disallow pickle serialization in celery How to disallow pickle serialization in celery python python

How to disallow pickle serialization in celery


python security celery

I was getting "ContentDisallowed: Refusing to deserialize untrusted content of type pickle (application/x-python-serialize)"

having:

CELERY_ACCEPT_CONTENT = ['json']

wasn't enough... I had to also add the followings to settings:

CELERY_TASK_SERIALIZER = 'json'CELERY_RESULT_SERIALIZER = 'json'

python security celery

I got an answer from the celery-users mailing list (From Ask Solem to be specific). Add these two lines to the config (celeryconfig/settings):

from kombu import serializationserialization.registry._decoders.pop("application/x-python-serialize")

python security celery

Now that Celery supports configuration on a per-app basis, there is a cleaner way to restrict the content that a consumer will execute. 

c = celery.Celery()c.conf.update(CELERY_ACCEPT_CONTENT = ['json'])

See the Celery docs on security for details, and for more advanced security options, such as signing content.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last