How to disallow pickle serialization in celery

Question

Celery defaults to using pickle as its serialization method for tasks. As noted in the FAQ, this represents a security hole. Celery allows you to configure how tasks get seria

Answer 1

Now that Celery supports configuration on a per-app basis, there is a cleaner way to restrict the content that a consumer will execute.

c = celery.Celery()
c.conf.update(CELERY_ACCEPT_CONTENT = ['json'])

See the Celery docs on security for details, and for more advanced security options, such as signing content.