Falcon middleware for sanity-checking that HTTPS was used for the request.
The falcon-require-https package provides a middleware component for sanity-checking that the incoming request was received over HTTPS. While the web server is primarily responsibile for enforcing the HTTPS protocol, misconfiguration is still a leading cause of security vulnerabilities, and so it can be helpful to perform certain additional checks, such as this one, within the application layer itself.
$ pip install falcon-require-https
The RequireHTTPS middleware class verifies each incoming request. To use it, simply pass an instance to the falcon.API() initializer:
from falcon_require_https import RequireHTTPS app = falcon.API(middleware=[RequireHTTPS()])
At least one of the following sources must indicate the use of HTTPS:
- The schema of the requested URL
- The X-Forwarded-Proto header
- The Forwarded header (only the first hop is checked)
Otherwise, an instance of falcon.HTTPBadRequest is raised.
This middleware is not meant to replace proper security controls in your web server or load balancer. It is simply meant as a final backstop to guard against inadvertent misconfiguration at the networking layer.
This middleware component is based on paul291’s original proof of concept, which was originally submitted as a PR to the falconry/falcon repo.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|falcon_require_https-0.1.0-py2.py3-none-any.whl (6.3 kB) Copy SHA256 hash SHA256||Wheel||py2.py3|
|falcon-require-https-0.1.0.tar.gz (3.4 kB) Copy SHA256 hash SHA256||Source||None|