The Fix
Upgrade to version 2.0.0 or later.
Based on closed pallets/flask issue #3215 · PR/commit linked
@@ -37,6 +37,11 @@ Unreleased
``jsonify()``. Use ``response.headers.extend()`` if extending is
desired. :issue:`3628`
+- The ``Scaffold`` class provides a common API for the ``Flask`` and
+ ``Blueprint`` classes. ``Blueprint`` information is stored in
+ attributes just like ``Flask``, rather than opaque lambda functions.
repro.py
class _FlaskCommon:
def __init__(self, ...):
self._before_request_funcs = {}
def before_request(self, f):
self._before_request_funcs.setdefault(None, []).append(f)
def add_url_rule(self, ...):
raise NotImplementedError
def route(self, ..., **kwargs):
def decorator(f):
self.add_url_rule(view_func=f, **kwargs)
return f
return decorator
class Flask(_FlaskCommon):
def add_url_rule(self, ...):
...
class Blueprint(_FlaskCommon):
def add_url_rule(self, ...):
...
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\nUpgrade to version 2.0.0 or later.\nWhen NOT to use: This fix is not suitable if the existing API behavior is required for backward compatibility.\n\n
Why This Fix Works in Production
- Trigger: raise NotImplementedError
- Mechanism: The lack of a common API between Flask and Blueprint classes led to inconsistencies
- Why the fix works: Introduced the `Scaffold` class to provide a common API for the `Flask` and `Blueprint` classes, improving consistency and maintainability. (first fixed release: 2.0.0).
Why This Breaks in Prod
- The lack of a common API between Flask and Blueprint classes led to inconsistencies
- Production symptom (often without a traceback): raise NotImplementedError
Proof / Evidence
- GitHub issue: #3215
- Fix PR: https://github.com/pallets/flask/pull/3709
- First fixed release: 2.0.0
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.58
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Views can already return WSGI applications, but this issue isn't about nesting applications or getting rid of blueprints.”
“@Maksych kind of, maybe? I'm having a hard time telling what the code is doing”
“Maybe we just don't need blueprints? Maybe just nested applications?”
“No, we certainly don't need nested applications.”
Failure Signature (Search String)
- raise NotImplementedError
Copy-friendly signature
signature.txt
Failure Signature
-----------------
raise NotImplementedError
Error Message
Signature-only (no traceback captured)
error.txt
Error Message
-------------
raise NotImplementedError
Minimal Reproduction
repro.py
class _FlaskCommon:
def __init__(self, ...):
self._before_request_funcs = {}
def before_request(self, f):
self._before_request_funcs.setdefault(None, []).append(f)
def add_url_rule(self, ...):
raise NotImplementedError
def route(self, ..., **kwargs):
def decorator(f):
self.add_url_rule(view_func=f, **kwargs)
return f
return decorator
class Flask(_FlaskCommon):
def add_url_rule(self, ...):
...
class Blueprint(_FlaskCommon):
def add_url_rule(self, ...):
...
What Broke
Developers faced difficulties in maintaining code due to the differing APIs of Flask and Blueprints.
Why It Broke
The lack of a common API between Flask and Blueprint classes led to inconsistencies
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
Upgrade to version 2.0.0 or later.
When NOT to use: This fix is not suitable if the existing API behavior is required for backward compatibility.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Option D — Guard side-effects with OnceOnly Guardrail for side-effects
Mitigate duplicate external side-effects under retries/timeouts/agent loops by gating the operation before calling external systems.
- Place OnceOnly between your code/agent and real side-effects (Stripe, emails, CRM, APIs).
- Use a stable key per side-effect (e.g., customer_id + action + idempotency_key).
- Fail-safe: configure fail-open vs fail-closed based on blast radius and spend risk.
Show example snippet (optional)
onceonly.py
from onceonly import OnceOnly
import os
once = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"], fail_open=True)
# Stable idempotency key per real side-effect.
# Use a request id / job id / webhook delivery id / Stripe event id, etc.
event_id = "evt_..." # replace
key = f"stripe:webhook:{event_id}"
res = once.check_lock(key=key, ttl=3600)
if res.duplicate:
return {"status": "already_processed"}
# Safe to execute the side-effect exactly once.
handle_event(event_id)
When NOT to use: Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Fix reference: https://github.com/pallets/flask/pull/3709
First fixed release: 2.0.0
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix is not suitable if the existing API behavior is required for backward compatibility.
- Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Verify Fix
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
- Pin production dependencies and upgrade only with a reproducible test that hits the failing path.
Version Compatibility Table
| Version | Status |
|---|---|
| 2.0.0 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.