我有一个flask站点，我使用flask的内置开发服务器（本地机器）在本地运行。

在我提供页面之前，我正在运行自定义安全评估功能，以确保用户有权访问该页面。如果用户无权访问该页面，我会尝试将用户重定向回主页。除了重定向之外，此工作流中的一切都按预期进行。

即使“重定向”调用仍在执行，用户也可以像拥有完全授权一样获得页面服务。我很可能错误地使用了重定向功能——请赐教。

这是烧瓶站点设置：

from flask import Flask, render_template, request, url_for, redirect, Markup, session, abort

def security(page_name):

    # Direct not logged in users to the login form

    if not session.get('logged_in'):

        return render_template('login.html')

    else:

        try:

            # Update user's permissions

            permissions_list = login_helpers.get_user_permissions_by_id(user_id)

            session['permissions'] = permissions_list

            if requested_page_abbreviation not in session['permissions']:

                # User does not have access -- bounce user back to home

                # I see this appear in the console

                print('Not authorized')

                # This must get executed, but the user does not get directed back home -- instead the resulting page loads as if the user has permissions

                return redirect('/home')

                # This does not execute

                # If I replace this line above the "return redirect('/home')" call, the expected "Unauthorized" page results and the 401 HTTP code is returned

                abort(401)

        except KeyError:

            # User has not yet had permissions set -- bounce user back to home to login

            return redirect(url_for('home'))

@app.route('/', methods=['GET','POST'])

def home():

    return render_template('home.html')

@app.route('/test_page', methods=['POST'])

def test_page():

    security_check('TEST')

    return render_template('test_page.html')