A lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
Project description
secure.py
secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.
Supported Python web frameworks:
aiohttp, Bottle, CherryPy, Django, Falcon, Flask, hug, Masonite, Pyramid, Quart, Responder, Sanic, Starlette, Tornado
Install
pip:
$ pip install secure
Pipenv:
$ pipenv install secure
After installing secure:
from secure import SecureHeaders, SecureCookie
secure_headers = SecureHeaders()
secure_cookie = SecureCookie()
Secure Headers
Example
secure_headers.framework(response)
Default HTTP response headers:
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Secure Cookie
Example
secure_cookie.framework(response, name="spam", value="eggs")
Default Set-Cookie HTTP response header:
Set-Cookie: spam=eggs; Path=/; secure; HttpOnly; SameSite=lax
Documentation
Please see the full set of documentation at https://secure.readthedocs.io
Resources
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
secure-0.2.1.tar.gz
(10.4 kB
view hashes)
Built Distribution
secure-0.2.1-py2-none-any.whl
(9.4 kB
view hashes)
