Skip to main content

Security Headers for asgi apps

Project description

🧙 asgi-sage

Test Suite Package version

Security Headers Middleware for Asgi App heavily inspired by flask-talisman

Installation

pip install asgi-sage

Usage

from asgi_sage.middleware import SageMiddleware

async def app(scope, receive, send):
    assert scope["type"] == "http"
    headers = [(b"content-type", "text/plain")]
    await send({"type": "http.response.start", "status": 200, "headers": headers})
    await send({"type": "http.response.body", "body": b"Hello, world!"})

app = SageMiddleware(app)

Options

  • feature_policy: dict = {}, force_https: bool = True
  • force_https: bool = False
  • force_https_permanent: bool = False
  • frame_options: Optional[str] = "SAMEORIGIN"
  • strict_transport_security: bool = True
  • strict_transport_security_preload: bool = False
  • strict_transport_security_max_age: int = 60 * 60 * 24 * 365
  • strict_transport_security_include_subdomains: bool = True
  • content_security_policy: Optional[dict] = None
  • referrer_policy: str = "strict-origin-when-cross-origin"
  • session_cookie_secure: bool = True
  • session_cookie_http_only: bool = True
  • content_type_nosniff: bool = True

Road Map

  • <input type="checkbox" disabled="" />

    Per Request overriding

  • <input type="checkbox" disabled="" />

    Add tests for different ASGI frameworks like Quart and Django 3.0+

  • <input type="checkbox" disabled="" />

    Properly support websockets

  • <input type="checkbox" disabled="" />

    Auto Changelog

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for asgi-sage, version 0.1.2
Filename, size File type Python version Upload date Hashes
Filename, size asgi_sage-0.1.2-py3-none-any.whl (4.2 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size asgi-sage-0.1.2.tar.gz (4.0 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page