Skip to content
Secure 🔒 headers and cookies for Python web frameworks
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs
secure
.gitignore
.travis.yml
LICENSE
MANIFEST.in
README.md Add ReadTheDocs Dec 24, 2018
dev-requirements.txt
setup.py

README.md

secure.py

image Python 3 image image

secure.py 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.

Supported Python web frameworks:

aiohttp, Bottle, CherryPy, Django, Falcon, Flask, hug, Masonite, Pyramid, Quart, Responder, Sanic, Starlette, Tornado

Install

pip:

$ pip install secure

Pipenv:

$ pipenv install secure

After installing secure:

from secure import SecureHeaders, SecureCookie

secure_headers = SecureHeaders()
secure_cookie = SecureCookie()

Secure Headers

Example

secure_headers.framework(response)

Default HTTP response headers:

Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0

Secure Cookie

Example

secure_cookie.framework(response, name="spam", value="eggs")

Default Set-Cookie HTTP response header:

Set-Cookie: spam=eggs; Path=/; secure; HttpOnly; SameSite=lax

Documentation

Please see the full set of documentation at https://secure.readthedocs.io

Resources

You can’t perform that action at this time.