Supported Frameworks¶
Framework Agnostic¶
secure_headers.headers()
Example:
secure_headers.headers(csp=True, feature=True)
Return Value:
{'Strict-Transport-Security': 'max-age=63072000; includeSubdomains', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "script-src 'self'; object-src 'self'", 'Referrer-Policy': 'no-referrer, strict-origin-when-cross-origin', 'Cache-control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Feature-Policy': "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none';fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none';payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none';"}
aiohttp¶
Headers¶
secure_headers.aiohttp(resp)
Example:
from aiohttp import web
from aiohttp.web import middleware
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
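@middleware
async def set_secure_headers(request, handler):
    """Attach the secure.py headers to every response, raised ones included.

    aiohttp handlers can signal redirects and error statuses by *raising*
    ``web.HTTPException`` instead of returning a response. Without the
    ``except`` branch below, those responses would pass through this
    middleware without any of the security headers.
    """
    try:
        resp = await handler(request)
    except web.HTTPException as exc:
        # The raised exception carries its own ``headers`` mapping.
        # NOTE(review): assumes secure_headers.aiohttp() only writes to
        # ``.headers`` of the object it is given -- confirm against secure.py.
        secure_headers.aiohttp(exc)
        raise
    secure_headers.aiohttp(resp)
    return resp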
. . .
app = web.Application(middlewares=[set_secure_headers])
. . .
Cookies¶
secure_cookie.aiohttp(resp, name="spam", value="eggs")
Example:
from aiohttp import web
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
@routes.get("/secure")
async def set_secure_cookie(request):
    """Answer GET /secure and set a cookie through SecureCookie."""
    response = web.Response(text="Secure")
    # Cookie attributes come from the SecureCookie() instance created above;
    # "spam"/"eggs" are the example's name and value.
    secure_cookie.aiohttp(response, name="spam", value="eggs")
    return response
. . .
Bottle¶
Headers¶
secure_headers.bottle(response)
Example:
from bottle import route, run, response, hook
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
@hook("after_request")
def set_secure_headers():
    """Bottle ``after_request`` hook that stamps the security headers."""
    # ``response`` is the module-level object imported from bottle above.
    secure_headers.bottle(response)
. . .
Cookies¶
secure_cookie.bottle(response, name="spam", value="eggs")
Example:
from bottle import route, run, response, hook
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
@route("/secure")
def set_secure_cookie():
    """Serve /secure and set a cookie on Bottle's ``response`` object."""
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.bottle(response, name="spam", value="eggs")
    return "Secure"
. . .
CherryPy¶
Headers¶
"tools.response_headers.headers": secure_headers.cherrypy()
Example:
CherryPy Application Configuration:
import cherrypy
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
# Turn on CherryPy's response_headers tool for "/" and hand it the header
# list from secure.py. secure_headers.cherrypy() is evaluated once, when this
# dict is built, not per request.
config = {
    "/": {
        "tools.response_headers.on": True,
        "tools.response_headers.headers": secure_headers.cherrypy(),
    },
}
. . .
Cookies¶
response_headers = cherrypy.response.headers
secure_cookie.cherrypy(response_headers, name="spam", value="eggs")
Example:
import cherrypy
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
class SetSecureCookie(object):
    """CherryPy controller exposing one page that sets a cookie."""

    @cherrypy.expose
    def set_secure_cookie(self):
        """Write the cookie into the current response headers and return the body."""
        # SecureCookie works on the header mapping of the in-flight response.
        headers = cherrypy.response.headers
        secure_cookie.cherrypy(headers, name="spam", value="eggs")
        return "Secure"
. . .
Django¶
Headers¶
secure_headers.django(response)
Example:
Django Middleware Documentation:
# securemiddleware.py
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
def set_secure_headers(get_response):
    """Django middleware factory that adds the secure.py headers to responses.

    Args:
        get_response: the next callable in Django's middleware chain.

    Returns:
        A ``middleware(request)`` callable that returns the decorated response.
    """

    def middleware(request):
        # Let the rest of the chain build the response first, then decorate it
        # on the way out.
        outgoing = get_response(request)
        secure_headers.django(outgoing)
        return outgoing

    return middleware
. . .
# settings.py
...
# Register the middleware factory by its dotted path.
# NOTE(review): the position in this list decides which responses the headers
# are applied to relative to other middleware -- confirm the ordering when
# merging into a real settings.py.
MIDDLEWARE = [
    "app.securemiddleware.set_secure_headers",
]
...
Cookies¶
secure_cookie.django(response, name="spam", value="eggs")
Example:
from django.http import HttpResponse
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
def set_secure_cookie(request):
    """Django view that returns "Secure" and sets a cookie via SecureCookie."""
    reply = HttpResponse("Secure")
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.django(reply, name="spam", value="eggs")
    return reply
. . .
Falcon¶
Headers¶
secure_headers.falcon(resp)
Example:
import falcon
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
class SetSecureHeaders(object):
    """Falcon middleware component that writes the secure.py headers."""

    def process_request(self, req, resp):
        """Set the headers on ``resp`` while the request is being processed."""
        # NOTE(review): the headers are written before the responder runs.
        # Confirm nothing later in the request replaces them, or consider
        # Falcon's process_response hook instead.
        secure_headers.falcon(resp)
. . .
app = api = falcon.API(middleware=[SetSecureHeaders()])
. . .
Cookies¶
secure_cookie.falcon(resp, name="spam", value="eggs")
Example:
import falcon
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
class SetSecureCookie(object):
    """Falcon resource whose GET responder sets a cookie."""

    def on_get(self, req, resp):
        """Fill in the body, then add the cookie to the same response."""
        resp.body = "Secure"
        # Cookie attributes come from the SecureCookie() instance created above.
        secure_cookie.falcon(resp, name="spam", value="eggs")
. . .
Flask¶
Headers¶
secure_headers.flask(response)
Example:
from flask import Flask, Response
from secure import SecureHeaders
secure_headers = SecureHeaders()
app = Flask(__name__)
. . .
@app.after_request
def set_secure_headers(response):
    """Flask ``after_request`` callback: decorate and hand back the response."""
    # Flask expects the callback to return the response object.
    secure_headers.flask(response)
    return response
. . .
Cookies¶
secure_cookie.flask(resp, name="spam", value="eggs")
Example:
from flask import Flask, Response
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
@app.route("/secure")
def set_secure_cookie():
    """Flask view that returns "Secure" and sets a cookie via SecureCookie."""
    reply = Response("Secure")
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.flask(reply, name="spam", value="eggs")
    return reply
. . .
hug¶
Headers¶
secure_headers.hug(response)
Example:
import hug
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
@hug.response_middleware()
def set_secure_headers(request, response, resource):
    """hug response middleware that adds the secure.py headers."""
    # Only ``response`` is used; the other arguments belong to hug's
    # middleware signature.
    secure_headers.hug(response)
. . .
Cookies¶
secure_cookie.hug(response, name="spam", value="eggs")
Example:
import hug
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
@hug.get("/secure")
def set_secure_cookie(response):
    """hug endpoint that sets a cookie on the injected response object."""
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.hug(response, name="spam", value="eggs")
    return "Secure"
. . .
Masonite¶
Headers¶
secure_headers.masonite(self.request)
Example:
Masonite Middleware:
# SecureMiddleware.py
from masonite.request import Request
from secure import SecureHeaders
secure_headers = SecureHeaders()
class SecureMiddleware:
    """Masonite HTTP middleware that applies the secure.py headers."""

    def __init__(self, request: Request):
        # Keep the request that is passed in so ``before`` can use it.
        self.request = request

    def before(self):
        """Apply the headers through the stored request object."""
        # secure.py's Masonite adapter takes the request, not a response.
        secure_headers.masonite(self.request)
. . .
# middleware.py
...
# List SecureMiddleware in HTTP_MIDDLEWARE so the headers are not limited to
# a single route.
HTTP_MIDDLEWARE = [
    SecureMiddleware,
]
...
Cookies¶
secure_cookie.masonite(request, name="spam", value="eggs")
Example:
. . .
def show(self, view: View, request: Request, response: Response):
    """Controller action that sets a cookie and renders 'Secure'."""
    # As with the headers adapter, the cookie is written through the request
    # object.
    secure_cookie.masonite(request, name="spam", value="eggs")
    return response.view('Secure')
. . .
Pyramid¶
Headers¶
Pyramid Tween:
def set_secure_headers(handler, registry):
    """Pyramid tween factory that adds the secure.py headers to responses.

    ``registry`` is part of the tween-factory signature and is unused here.
    """

    def tween(request):
        # Run the wrapped handler, then decorate whatever response it returns.
        outgoing = handler(request)
        secure_headers.pyramid(outgoing)
        return outgoing

    return tween
Example:
from pyramid.config import Configurator
from pyramid.response import Response
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
def set_secure_headers(handler, registry):
    """Tween factory that config.add_tween() registers.

    Returns a ``tween(request)`` callable that adds the secure.py headers to
    the response produced by ``handler``. ``registry`` is unused.
    """

    def tween(request):
        # Decorate the response on the way out.
        outgoing = handler(request)
        secure_headers.pyramid(outgoing)
        return outgoing

    return tween
. . .
config.add_tween(".set_secure_headers")
. . .
Cookies¶
response = Response("Secure")
secure_cookie.pyramid(response, name="spam", value="eggs")
Example:
from pyramid.config import Configurator
from pyramid.response import Response
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
def set_secure_cookie(request):
    """Pyramid view that returns "Secure" and sets a cookie via SecureCookie."""
    reply = Response("Secure")
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.pyramid(reply, name="spam", value="eggs")
    return reply
. . .
Quart¶
Headers¶
secure_headers.quart(response)
Example:
from quart import Quart, Response
from secure import SecureHeaders
secure_headers = SecureHeaders()
app = Quart(__name__)
. . .
@app.after_request
async def set_secure_headers(response):
    """Quart ``after_request`` callback: decorate and hand back the response."""
    # The callback returns the response it was given.
    secure_headers.quart(response)
    return response
. . .
Cookies¶
secure_cookie.quart(resp, name="spam", value="eggs")
Example:
from quart import Quart, Response
from secure import SecureCookie
secure_cookie = SecureCookie()
app = Quart(__name__)
. . .
@app.route("/secure")
async def set_secure_cookie():
    """Quart view that returns "Secure" and sets a cookie via SecureCookie."""
    reply = Response("Secure")
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.quart(reply, name="spam", value="eggs")
    return reply
. . .
Responder¶
Headers¶
secure_headers.responder(resp)
Example:
import responder
from secure import SecureHeaders
secure_headers = SecureHeaders()
api = responder.API()
. . .
@api.route(before_request=True)
def set_secure_headers(req, resp):
    """Responder ``before_request`` hook that adds the secure.py headers."""
    # Registered with before_request=True rather than a path, so it is not
    # tied to a single route.
    secure_headers.responder(resp)
. . .
You should use Responder’s built-in HSTS and pass the hsts=False option.
Cookies¶
secure_cookie.responder(resp, name="spam", value="eggs")
Example:
import responder
from secure import SecureCookie
secure_cookie = SecureCookie()
api = responder.API()
. . .
@api.route("/secure")
async def set_secure_cookie(req, resp):
    """Responder route that sets the body text and a cookie on ``resp``."""
    resp.text = "Secure"
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.responder(resp, name="spam", value="eggs")
. . .
Sanic¶
Headers¶
secure_headers.sanic(response)
Example:
from sanic import Sanic
from secure import SecureHeaders
secure_headers = SecureHeaders()
app = Sanic()
. . .
@app.middleware("response")
async def set_secure_headers(request, response):
    """Sanic response middleware that adds the secure.py headers."""
    # Mutates ``response`` in place and returns nothing.
    secure_headers.sanic(response)
. . .
Cookies¶
secure_cookie.sanic(response, name="spam", value="eggs")
Example:
from sanic import Sanic
from sanic.response import text
from secure import SecureCookie
secure_cookie = SecureCookie()
app = Sanic()
. . .
@app.route("/secure")
async def set_secure_cookie(request):
    """Sanic route that returns "Secure" and sets a cookie via SecureCookie."""
    reply = text("Secure")
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.sanic(reply, name="spam", value="eggs")
    return reply
. . .
To set Cross-Origin Resource Sharing (CORS) headers, please see sanic-cors.
Starlette¶
Headers¶
secure_headers.starlette(response)
Example:
from starlette.applications import Starlette
import uvicorn
from secure import SecureHeaders
secure_headers = SecureHeaders()
app = Starlette()
. . .
@app.middleware("http")
async def set_secure_headers(request, call_next):
    """Starlette HTTP middleware that adds the secure.py headers."""
    # call_next runs the rest of the application; decorate what it returns.
    outgoing = await call_next(request)
    secure_headers.starlette(outgoing)
    return outgoing
. . .
Cookies¶
secure_cookie.starlette(response, name="spam", value="eggs")
Example:
from starlette.applications import Starlette
from starlette.responses import PlainTextResponse
import uvicorn
from secure import SecureHeaders, SecureCookie
secure_cookie = SecureCookie()
app = Starlette()
. . .
@app.route("/secure")
async def set_secure_cookie(request):
    """Starlette route that returns "Secure" and sets a cookie via SecureCookie."""
    reply = PlainTextResponse("Secure")
    # Cookie attributes come from the SecureCookie() instance created above.
    secure_cookie.starlette(reply, name="spam", value="eggs")
    return reply
. . .
Tornado¶
Headers¶
secure_headers.tornado(self)
Example:
import tornado.ioloop
import tornado.web
from secure import SecureHeaders
secure_headers = SecureHeaders()
. . .
class BaseHandler(tornado.web.RequestHandler):
    """Base handler for the application's request handlers to inherit from."""

    def set_default_headers(self):
        """Apply the secure.py headers through Tornado's default-headers hook."""
        # The handler itself is passed; secure.py sets the headers through it.
        secure_headers.tornado(self)
. . .
Cookies¶
secure_cookie.tornado(self, name="spam", value="eggs")
Example:
import tornado.ioloop
import tornado.web
from secure import SecureCookie
secure_cookie = SecureCookie()
. . .
class SetSecureCookie(BaseHandler):
    """Handler that sets a cookie on GET and writes "Secure"."""

    def get(self):
        """Set the cookie, then write the response body."""
        # Cookie attributes come from the SecureCookie() instance created above.
        secure_cookie.tornado(self, name="spam", value="eggs")
        self.write("Secure")
. . .