Python Flask 400 Bad Request Error Every Request

Question

I'm working on a Flask app and recently converted it to a simple blueprint template with only one app. It works fine when in debug mode (FLASK_DEBUG=1), but when it's not in debug mode I get "HTTPStatus.BAD_REQUEST - code 400" no matter what page I try to hit. It automatically hits https://127.0.0.1:5000, so I've tried doing http://127.0.0.1:5000 but that also doesn't work as it seems to redirect back to https.

application.py

from app import create_app

application = app = create_app()

if __name__ == "__main__":
    application.run()

routes.py (only including the index route for brevity and leaving out imports)

app_blueprint = Blueprint('app_blueprint', __name__, template_folder='app/templates', static_folder='static')

@app_blueprint.route('/')
@app_blueprint.route('/index')
def index():
    return render_template('app_blueprint/index.html', title='Home')

init.py from within the app. My csp is a mess as I was playing around to see if that was causing an issue.

migrate = Migrate()
login = LoginManager()
login.login_view = 'login'
mail = Mail()
moment = Moment()

talisman = Talisman()

def create_app(config_class=Config):
    application = Flask(__name__)
    application.config.from_object(config_class)

    from app.models import db
    db.init_app(application)

    migrate.init_app(application, db)
    login.init_app(application)
    mail.init_app(application)
    moment.init_app(application)

    from app.routes import app_blueprint
    application.register_blueprint(app_blueprint)

    csp = {
        'default-src': [
            '\'self\'',
            '*.com',
            'data:'
        ],
        'script-src': [
            '\'self\'',
            'https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment-with-locales.min.js',
            'https://code.jquery.com/jquery-3.5.1.min.js'
        ],
        'img-src': [
            '\'self\'',
            'data:',
            '*.com',
            '*.net',
            '*.org',
        ]
    }

    talisman.init_app(application, content_security_policy=csp, content_security_policy_nonce_in=['script-src'])