Pip installs - remove flask patch and pin library versions

changedetectionio/flask_app.py

@@ -27,7 +27,6 @@ from flask import (
     session,
     url_for,
 )
-from flask_compress import Compress as FlaskCompress
 from flask_restful import abort, Api
 from flask_cors import CORS
 
@@ -74,14 +73,14 @@ CORS(app)
 # There's also a bug between flask compress and socketio that causes some kind of slow memory leak
 # It's better to use compression on your reverse proxy (nginx etc) instead.
 if strtobool(os.getenv("FLASK_ENABLE_COMPRESSION")):
+    from flask_compress import Compress as FlaskCompress
     app.config['COMPRESS_MIN_SIZE'] = 2096
     app.config['COMPRESS_MIMETYPES'] = ['text/html', 'text/css', 'text/javascript', 'application/json', 'application/javascript', 'image/svg+xml']
     # Use gzip only - smaller memory footprint than zstd/brotli (4-8KB vs 200-500KB contexts)
     app.config['COMPRESS_ALGORITHM'] = ['gzip']
+    compress = FlaskCompress()
+    compress.init_app(app)
 
-compress = FlaskCompress()
-
-compress.init_app(app)
 app.config['TEMPLATES_AUTO_RELOAD'] = False
 
 

changedetectionio/realtime/socket_server.py

@@ -198,26 +198,11 @@ def handle_watch_update(socketio, **kwargs):
     except Exception as e:
         logger.error(f"Socket.IO error in handle_watch_update: {str(e)}")
 
-
-def _patch_flask_request_context_session():
-    """Flask 3.1 removed the session setter from RequestContext, but Flask-SocketIO 5.6.0
-    still assigns to it directly (ctx.session = ...).  Restore a setter that writes the
-    private _session attribute so the two libraries work together.
-    """
-    from flask.ctx import RequestContext
-    if getattr(RequestContext.session, 'fset', None) is not None:
-        return  # Already has a setter (future Flask version restored it)
-    original_prop = RequestContext.session
-    RequestContext.session = original_prop.setter(lambda self, value: setattr(self, '_session', value))
-
-
 def init_socketio(app, datastore):
     """Initialize SocketIO with the main Flask app"""
     import platform
     import sys
 
-    _patch_flask_request_context_session()
-
     # Platform-specific async_mode selection for better stability
     system = platform.system().lower()
     python_version = sys.version_info

requirements.txt

@@ -9,12 +9,6 @@ flask_restful
 flask_cors # For the Chrome extension to operate
 # janus # No longer needed - using pure threading.Queue for multi-loop support
 flask_wtf~=1.2
-# Flask 3.1 removed the session setter on RequestContext; the patch in
-# changedetectionio/realtime/socket_server.py restores it so Flask-SocketIO works.
-# Require >=3.1 so the patch is always needed; <4 guards against unknown breaking changes.
-flask>=3.1,<4
-# Flask-SocketIO 5.x still does ctx.session = ... directly; the patch above handles it.
-# >=5.5.0 ensures the threading async_mode we rely on is available.
 flask-socketio>=5.5.0,<6
 python-socketio>=5.11.0,<6
 python-engineio>=4.9.0,<5
@@ -23,6 +17,12 @@ pytz
 timeago~=1.0
 validators~=0.35
 
+# 3910 - flask and werkzeug need pinning until Flask-SocketIO==5.6.1 is out
+# Then pin a version >= 5.6.1 so it doesnt come back
+# flask>=3.1,<4 should be in the future
+flask==3.0.3
+werkzeug==3.0.6
+
 # Set these versions together to avoid a RequestsDependencyWarning
 # >= 2.26 also adds Brotli support if brotli is installed
 brotli~=1.2