
pyramid_hsts 1.2.3

HTTP Strict Transport Security for a Pyramid application.

Enforce HTTP Strict Transport Security for a Pyramid web application.

### Features

  • adds a Strict-Transport-Security header to every response
  • redirects requests with an insecure protocol to the corresponding secure protocol, i.e.: from http://… to https://…
  • ensures urls generated by request.*_url methods (e.g.: request.route_url) use a secure protocol

### Usage

To use, `pip install pyramid_hsts` / add `pyramid_hsts` to your `requirements.txt` and then include the package:


### Configuration

If you’re running behind a frontend that proxies secure requests to your app on an insecure protocol (e.g.: on Heroku or a common Nginx setup) then it is common practice for the frontend to set a header indicating the original protocol. To read this, you need to specify the name of the `protocol_header`:

```ini
# must be specified if behind proxy
hsts.protocol_header=X-Forwarded-Proto
```

You can also specify the `max_age` of your HSTS header and whether to `include_subdomains` in it, e.g.:

```ini
# defaults to 10886400
hsts.max_age=21772800

# both default to true
hsts.include_subdomains=false
hsts.preload=false
```
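The header and redirect behaviour described above, together with the `protocol_header` setting, as an added standard-library WSGI sketch that is not pyramid_hsts's own code. The names `hsts_value`, `is_secure`, `hsts_middleware`, `simulate` and `hello` are hypothetical, and treating the configured header as the only source of the scheme is an assumption of this sketch.

```python
from wsgiref.util import request_uri, setup_testing_defaults

def hsts_value(max_age=10886400, include_subdomains=True, preload=True):
    # Defaults mirror the ones listed in the Configuration section above.
    parts = ["max-age=%d" % int(max_age)]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)

def is_secure(environ, protocol_header=None):
    # Behind a TLS-terminating proxy the app always sees http, so the configured
    # header decides. Only configure it when the proxy sets or overwrites it on
    # every request; otherwise a client could send it and skip the redirect.
    if protocol_header:
        key = "HTTP_" + protocol_header.upper().replace("-", "_")
        return environ.get(key, "").strip().lower() == "https"
    return environ.get("wsgi.url_scheme") == "https"

def hsts_middleware(app, protocol_header=None, **header_opts):
    value = hsts_value(**header_opts)
    def wrapped(environ, start_response):
        if not is_secure(environ, protocol_header):
            # Same host, path and query, but on https. No HSTS header here:
            # browsers ignore it on responses received over plain http.
            target = "https://" + request_uri(environ).split("://", 1)[1]
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]
        def start(status, headers, exc_info=None):
            kept = [h for h in headers if h[0].lower() != "strict-transport-security"]
            return start_response(status, kept + [("Strict-Transport-Security", value)], exc_info)
        return app(environ, start)
    return wrapped

def simulate(app, **environ_overrides):
    # Drive the WSGI app with a constructed request; returns (status, headers).
    environ = {}
    setup_testing_defaults(environ)
    environ.update(environ_overrides)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]

def hello(environ, start_response):  # constructed sample application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]
```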


| File | Type | Py Version | Uploaded on | Size |
| --- | --- | --- | --- | --- |
| pyramid_hsts-1.2.3.tar.gz (md5) | Source | | 2015-02-17 | 5KB |