This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

HTTP Strict Transport Security for a Pyramid application.

Project Description

Enforce [HTTP Strict Transport Security][] for a [Pyramid][] web application.

### Features

  • adds a Strict-Transport-Security header to every response
  • redirects requests with an insecure protocol to the corresponding secure protocol, i.e.: from http://… to https://…
  • ensures urls generated by request.*_url methods (e.g.: request.route_url) use a secure protocol

### Usage

To use, pip install pyramid_hsts / add pyramid_hsts to your requirements.txt and then [include][] the package:

config.include(‘pyramid_hsts’)

### Configuration

If you’re running behind a frontend that proxies secure requests to your app on an insecure protocol (e.g.: on Heroku or a common Nginx setup) then it is common practice for the frontend to set a header indicating the original prototcol. To read this, you need to [specify][] the name of the protocol_header:

# must be specified if behind proxy hsts.protocol_header=X-Forwarded-Proto

You can also specify the max_age of and whether to include_subdomains in your HSTS header, e.g.:

# defaults to 10886400 hsts.max_age=21772800

# both default to true hsts.include_subdomains=false hsts.preload=false

[HTTP Strict Transport Security]: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security [Pyramid]: http://pypi.python.org/pypi/pyramid [include]: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include [specify]: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting

Release History

Release History

This version
History Node

1.2.3

History Node

1.2.2

History Node

1.2.1

History Node

1.1.4

History Node

1.1.3.1

History Node

1.1.3

History Node

1.1.2

History Node

1.1

History Node

1.0

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
pyramid_hsts-1.2.3.tar.gz (5.6 kB) Copy SHA256 Checksum SHA256 Source Feb 17, 2015

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting