Security Headers for asgi apps
Project description
asgi-sage
Security Headers Middleware for Asgi App heavily inspired by flask-talisman
Installation
pip install asgi-sage
Usage
from asgi_sage.middleware import SageMiddleware
async def app(scope, receive, send):
assert scope["type"] == "http"
headers = [(b"content-type", "text/plain")]
await send({"type": "http.response.start", "status": 200, "headers": headers})
await send({"type": "http.response.body", "body": b"Hello, world!"})
app = SageMiddleware(app)
Options
feature_policy: dict = {}, force_https: bool = True
force_https: bool = False
force_https_permanent: bool = False
frame_options: Optional[str] = "SAMEORIGIN"
strict_transport_security: bool = True
strict_transport_security_preload: bool = False
strict_transport_security_max_age: int = 60 \* 60 \_ 24 \* 365
strict_transport_security_include_subdomains: bool = True
content_security_policy: Optional[dict] = None
referrer_policy: str = "strict-origin-when-cross-origin"
session_cookie_secure: bool = True
session_cookie_http_only: bool = True
Road Map
- Per Request overriding
- Add tests for different ASGI frameworks like Quart and Django 3.0+
- Properly support websockets
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
asgi-sage-0.1.0.tar.gz
(3.8 kB
view hashes)
Built Distribution
Close
Hashes for asgi_sage-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 16a3e7d815d35049c345dfed275a6ab6d5633b3ea24ed4994b58a1b32f0aa479 |
|
MD5 | a94660fe060779a2c86f4281c800d09b |
|
BLAKE2b-256 | 706c68a52430142f066d235527a3ea0c1c986d8909c3d68bb52a4ea8234ea427 |