Supported Frameworks¶
Framework Agnostic¶
secure_headers.headers()
Example:
secure_headers.framework.headers(csp=True, feature=True)
Return Value:
{'Strict-Transport-Security': 'max-age=63072000; includeSubdomains', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '0', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "script-src 'self'; object-src 'self'", 'Referrer-Policy': 'no-referrer, strict-origin-when-cross-origin', 'Cache-control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Feature-Policy': "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none';fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none';payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none';"}
aiohttp¶
secure_headers.framework.aiohttp(resp)
Example:
from aiohttp import web
from aiohttp.web import middleware
import secure
secure_headers = secure.Secure()
. . .
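@middleware
async def set_secure_headers(request, handler):
    """Run the downstream handler, then apply the secure headers to its response.

    Args:
        request: the incoming aiohttp request, passed through unchanged.
        handler: the next handler in the middleware chain.

    Returns:
        The handler's response after secure_headers has been applied to it.
    """
    resp = await handler(request)
    # NOTE(review): if the handler raises, the line below never runs.
    # aiohttp handlers may raise web.HTTPException subclasses as responses,
    # so those would go out without the headers -- confirm whether the error
    # path needs its own handling.
    secure_headers.framework.aiohttp(resp)
    return resp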
. . .
app = web.Application(middlewares=[set_secure_headers])
. . .
Bottle¶
secure_headers.framework.bottle(response)
Example:
from bottle import route, run, response, hook
import secure
secure_headers = secure.Secure()
. . .
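@hook("after_request")
def set_secure_headers():
    """Apply the secure headers to Bottle's response object after each request."""
    # `response` is the module-level object imported from bottle, not an
    # argument: the hook takes no parameters.
    secure_headers.framework.bottle(response)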
. . .
CherryPy¶
"tools.response_headers.headers": secure_headers.framework.cherrypy()
Example:
CherryPy Application Configuration:
import cherrypy
import secure
secure_headers = secure.Secure()
. . .
# Turn on CherryPy's response_headers tool for "/" and hand it the headers
# produced by secure_headers. cherrypy() is called once, when this dict is
# built, not per request.
config = {
    "/": {
        "tools.response_headers.on": True,
        "tools.response_headers.headers": secure_headers.framework.cherrypy(),
    }
}
. . .
Django¶
secure_headers.framework.django(response)
Example:
Django Middleware Documentation:
# securemiddleware.py
import secure
secure_headers = secure.Secure()
. . .
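def set_secure_headers(get_response):
    """Build a Django middleware that applies the secure headers to each response.

    Args:
        get_response: the next callable in Django's middleware chain.

    Returns:
        A middleware callable taking a request and returning the response.
    """
    def middleware(request):
        response = get_response(request)
        # Headers are added on the way out, after the view and any inner
        # middleware have produced the response.
        secure_headers.framework.django(response)
        return response

    return middleware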
. . .
# settings.py
...
MIDDLEWARE = [
    # Dotted path to the set_secure_headers middleware factory.
    'app.securemiddleware.set_secure_headers',
]
...
FastAPI¶
secure_headers.framework.fastapi(response)
Example:
from fastapi import FastAPI
import secure
secure_headers = secure.Secure()
. . .
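# `app` is the FastAPI() instance; its creation is elided from this excerpt.
@app.middleware("http")
async def set_secure_headers(request, call_next):
    """Call the rest of the application, then apply the secure headers.

    Args:
        request: the incoming request, passed through unchanged.
        call_next: awaitable that runs the remaining middleware and the route.

    Returns:
        The response from call_next with the secure headers applied.
    """
    response = await call_next(request)
    # An exception propagating out of call_next skips this step.
    secure_headers.framework.fastapi(response)
    return response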
. . .
Falcon¶
secure_headers.framework.falcon(resp)
Example:
import falcon
import secure
secure_headers = secure.Secure()
. . .
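class SetSecureHeaders(object):
    """Falcon middleware component that applies the secure headers."""

    def process_request(self, req, resp):
        """Apply the secure headers to resp; req is not used."""
        # NOTE(review): this hook runs at the start of request processing;
        # confirm the headers are still present on error responses, or use
        # Falcon's process_response hook instead.
        secure_headers.framework.falcon(resp)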
. . .
app = api = falcon.API(middleware=[SetSecureHeaders()])
. . .
Flask¶
secure_headers.framework.flask(response)
Example:
from flask import Flask, Response
import secure
secure_headers = secure.Secure()
app = Flask(__name__)
. . .
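@app.after_request
def set_secure_headers(response):
    """Apply the secure headers to the outgoing Flask response.

    Args:
        response: the response Flask is about to send.

    Returns:
        The same response object, as an after_request function must.
    """
    secure_headers.framework.flask(response)
    return response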
. . .
hug¶
secure_headers.framework.hug(response)
Example:
import hug
import secure
secure_headers = secure.Secure()
. . .
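@hug.response_middleware()
def set_secure_headers(request, response, resource):
    """Apply the secure headers to the hug response.

    Only `response` is used; `request` and `resource` are part of the
    signature this function is registered with.
    """
    secure_headers.framework.hug(response)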
. . .
Masonite¶
secure_headers.framework.masonite(self.request)
Example:
Masonite Middleware:
# SecureMiddleware.py
from masonite.request import Request
import secure
secure_headers = secure.Secure()
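class SecureMiddleware:
    """Masonite HTTP middleware that applies the secure headers."""

    def __init__(self, request: Request):
        """Keep the request object for use in before()."""
        self.request = request

    def before(self):
        """Apply the secure headers through the stored request object."""
        # The Masonite adapter is handed the request, not a response object.
        secure_headers.framework.masonite(self.request)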
. . .
# middleware.py
...
HTTP_MIDDLEWARE = [
    # Registers the SecureMiddleware class itself, not an instance.
    SecureMiddleware,
]
...
Pyramid¶
Pyramid Tween:
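def set_secure_headers(handler, registry):
    """Pyramid tween factory that applies the secure headers to each response.

    Args:
        handler: the next tween or the main Pyramid request handler.
        registry: the application registry; not used here.

    Returns:
        A tween callable taking a request and returning the response.
    """
    def tween(request):
        response = handler(request)
        secure_headers.framework.pyramid(response)
        return response

    return tween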
Example:
from pyramid.config import Configurator
from pyramid.response import Response
import secure
secure_headers = secure.Secure()
. . .
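def set_secure_headers(handler, registry):
    """Pyramid tween factory that applies the secure headers to each response.

    Args:
        handler: the next tween or the main Pyramid request handler.
        registry: the application registry; not used here.

    Returns:
        A tween callable taking a request and returning the response.
    """
    def tween(request):
        response = handler(request)
        # Headers are applied on the way out, once a response exists.
        secure_headers.framework.pyramid(response)
        return response

    return tween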
. . .
config.add_tween(".set_secure_headers")
. . .
Quart¶
secure_headers.framework.quart(response)
Example:
from quart import Quart, Response
import secure
secure_headers = secure.Secure()
app = Quart(__name__)
. . .
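@app.after_request
async def set_secure_headers(response):
    """Apply the secure headers to the outgoing Quart response.

    Args:
        response: the response Quart is about to send.

    Returns:
        The same response object with the headers applied.
    """
    secure_headers.framework.quart(response)
    return response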
. . .
Responder¶
secure_headers.framework.responder(resp)
Example:
import responder
import secure
secure_headers = secure.Secure()
api = responder.API()
. . .
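@api.route(before_request=True)
def set_secure_headers(req, resp):
    """Apply the secure headers to resp before the request is handled.

    Registered with before_request=True; `req` is not used.
    """
    secure_headers.framework.responder(resp)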
. . .
You should use Responder’s built-in HSTS and pass the hsts=False option.
Sanic¶
secure_headers.framework.sanic(response)
Example:
from sanic import Sanic
import secure
secure_headers = secure.Secure()
app = Sanic()
. . .
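@app.middleware("response")
async def set_secure_headers(request, response):
    """Apply the secure headers to the Sanic response; `request` is not used."""
    # Nothing is returned: the headers are set on the response object that
    # was passed in.
    secure_headers.framework.sanic(response)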
. . .
To set Cross-Origin Resource Sharing (CORS) headers, please see sanic-cors.
Starlette¶
secure_headers.framework.starlette(response)
Example:
from starlette.applications import Starlette
import uvicorn
import secure
secure_headers = secure.Secure()
app = Starlette()
. . .
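@app.middleware("http")
async def set_secure_headers(request, call_next):
    """Call the rest of the application, then apply the secure headers.

    Args:
        request: the incoming request, passed through unchanged.
        call_next: awaitable that runs the remaining middleware and the route.

    Returns:
        The response from call_next with the secure headers applied.
    """
    response = await call_next(request)
    # An exception propagating out of call_next skips this step.
    secure_headers.framework.starlette(response)
    return response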
. . .
Tornado¶
secure_headers.framework.tornado(self)
Example:
import tornado.ioloop
import tornado.web
import secure
secure_headers = secure.Secure()
. . .
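class BaseHandler(tornado.web.RequestHandler):
    """Base handler whose default headers include the secure headers.

    Only handlers that subclass BaseHandler pick the headers up.
    """

    def set_default_headers(self):
        """Apply the secure headers to this handler's default header set."""
        # Tornado calls this hook when the handler's headers are initialised
        # or reset, so the handler (self) is what the adapter receives.
        secure_headers.framework.tornado(self)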
. . .