Secure 🔒 headers and cookies for Python web frameworks
cakinney Documentation Typos
- Fix HSTS year
- Fix aiohttp cookies
Latest commit 658da7e Jan 11, 2019

secure.py


secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.

Supported Python web frameworks:

aiohttp, Bottle, CherryPy, Django, Falcon, Flask, hug, Masonite, Pyramid, Quart, Responder, Sanic, Starlette, Tornado

Install

pip:

$ pip install secure

Pipenv:

$ pipenv install secure

After installing secure:

from secure import SecureHeaders, SecureCookie

secure_headers = SecureHeaders()
secure_cookie = SecureCookie()

Secure Headers

Example

secure_headers.framework(response)

Default HTTP response headers:

Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0

Secure Cookie

Example

secure_cookie.framework(response, name="spam", value="eggs")

Default Set-Cookie HTTP response header:

Set-Cookie: spam=eggs; Path=/; secure; HttpOnly; SameSite=lax
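
To confirm that a deployed application actually emits the defaults listed above, the following added example (not part of secure.py or its documentation) audits a response's headers and a Set-Cookie value using only the standard library. The names EXPECTED, MIN_HSTS_AGE, audit_headers and audit_cookie are hypothetical, and treating only SameSite=lax or SameSite=strict as acceptable is an assumption of this example.

```python
# Added example; audit_headers/audit_cookie/EXPECTED are hypothetical names,
# not part of secure.py. Required tokens are taken from the defaults listed above.
EXPECTED = {
    "strict-transport-security": ["includesubdomains"],
    "x-frame-options": ["sameorigin"],
    "x-xss-protection": ["1", "mode=block"],
    "x-content-type-options": ["nosniff"],
    "referrer-policy": ["strict-origin-when-cross-origin"],
    "cache-control": ["no-store"],
    "pragma": ["no-cache"],
    "expires": ["0"],
}
MIN_HSTS_AGE = 63072000  # default max-age shown above, in seconds

def _tokens(value):
    """Split a header value on ';' and ',' into lowercased tokens."""
    return [t.strip().lower() for t in value.replace(";", ",").split(",") if t.strip()]

def audit_headers(headers):
    """Return sorted findings for a mapping of response header name -> value."""
    seen = {k.lower(): _tokens(v) for k, v in headers.items()}  # names are case-insensitive
    findings = []
    for name, required in EXPECTED.items():
        if name not in seen:
            findings.append(f"missing {name}")
        else:
            findings += [f"{name}: lacks {r}" for r in required if r not in seen[name]]
    hsts = seen.get("strict-transport-security")
    if hsts is not None:
        ages = [t.partition("=")[2].strip() for t in hsts if t.startswith("max-age")]
        if not ages or not ages[0].isdigit() or int(ages[0]) < MIN_HSTS_AGE:
            findings.append("strict-transport-security: max-age missing or below default")
    return sorted(findings)

def audit_cookie(set_cookie):
    """Return cookie attributes from the default above that are absent or weakened."""
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]  # skip name=value
    missing = [w for w in ("secure", "httponly") if w not in attrs]
    if not any(a in ("samesite=lax", "samesite=strict") for a in attrs):
        missing.append("samesite")
    return missing

if __name__ == "__main__":
    # Constructed weak response: short HSTS lifetime, everything else absent.
    print(audit_headers({"Strict-Transport-Security": "max-age=300"}))
    print(audit_cookie("spam=eggs; Path=/"))
```
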

Documentation

Please see the full set of documentation at https://secure.readthedocs.io

Resources