pyramid_hsts 1.1.3

HTTP Strict Transport Security for a Pyramid application.

Latest Version: 1.1.4

Enforce [HTTP Strict Transport Security][] for a [Pyramid][] web application.

### Features

  • adds a Strict-Transport-Security header to every response
  • redirects requests with an insecure protocol to the corresponding secure protocol, i.e.: from http://... to https://...
  • ensures URLs generated by request.*_url methods (e.g.: request.route_url) use a secure protocol

### Usage

To use, `pip install pyramid_hsts` (or add `pyramid_hsts` to your `requirements.txt`) and then [include][] the package:

    config.include('pyramid_hsts')

### Configuration

If you're running behind a frontend that proxies secure requests to your app on an insecure protocol (e.g.: on Heroku or a common Nginx setup) then it is common practice for the frontend to set a header indicating the original protocol. To read this, you need to [specify][] the name of the protocol_header:

    # must be specified if behind proxy
    hsts.protocol_header=X-Forwarded-Proto

You can also specify the max_age of, and whether to include_subdomains in, your HSTS header, e.g.:

    # defaults to 8640000
    hsts.max_age=4320000

    # defaults to true
    hsts.include_subdomains=false
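
The behaviour described under Features and Configuration, as a stand-alone sketch using only the standard library. It is an added example, not pyramid_hsts's own code; the function names, the 301 status and the sample requests are assumptions made for illustration.

```python
# Added illustration, not pyramid_hsts source code. It models the README's
# behaviour on a plain WSGI environ and a Pyramid-style settings dict.
DEFAULT_MAX_AGE = 8640000  # default stated in the README


def effective_scheme(environ, settings):
    """Scheme the client used, honouring hsts.protocol_header if configured."""
    name = settings.get('hsts.protocol_header')
    if name:
        # WSGI exposes X-Forwarded-Proto as HTTP_X_FORWARDED_PROTO. The value is
        # only trustworthy when the frontend sets or overwrites it itself.
        forwarded = environ.get('HTTP_' + name.upper().replace('-', '_'))
        if forwarded:
            return forwarded.strip().lower()
    return environ.get('wsgi.url_scheme', 'http')


def hsts_header(settings):
    """Build the Strict-Transport-Security value from the hsts.* settings."""
    value = 'max-age=%d' % int(settings.get('hsts.max_age', DEFAULT_MAX_AGE))
    include = str(settings.get('hsts.include_subdomains', 'true')).lower()
    if include in ('true', '1', 'yes', 'on'):
        value += '; includeSubDomains'
    return value


def decide(environ, settings):
    """Redirect insecure requests; add the HSTS header to secure ones."""
    if effective_scheme(environ, settings) != 'https':
        query = environ.get('QUERY_STRING')
        location = 'https://%s%s%s' % (environ['HTTP_HOST'], environ['PATH_INFO'],
                                       '?' + query if query else '')
        # 301 is an assumption of this sketch; the README does not name a status.
        return '301 Moved Permanently', [('Location', location)]
    return '200 OK', [('Strict-Transport-Security', hsts_header(settings))]


# Constructed sample: requests as a TLS-terminating proxy hands them to the app.
SETTINGS = {'hsts.protocol_header': 'X-Forwarded-Proto',
            'hsts.max_age': '4320000', 'hsts.include_subdomains': 'false'}
PLAIN = {'wsgi.url_scheme': 'http', 'HTTP_HOST': 'app.example',
         'PATH_INFO': '/login', 'QUERY_STRING': 'next=%2F',
         'HTTP_X_FORWARDED_PROTO': 'http'}
SECURE = dict(PLAIN, HTTP_X_FORWARDED_PROTO='https')

if __name__ == '__main__':
    print(decide(PLAIN, SETTINGS))   # redirected to https
    print(decide(SECURE, SETTINGS))  # served with the HSTS header
    print(decide(SECURE, {}))        # no protocol_header: redirected again
```

The last call shows why protocol_header must be specified behind a proxy: without it, a request the client made over https still looks insecure to the app and is redirected again.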

[HTTP Strict Transport Security]: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
[Pyramid]: http://pypi.python.org/pypi/pyramid
[include]: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include
[specify]: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting

 
| File | Type | Py Version | Uploaded on | Size |
|---|---|---|---|---|
| pyramid_hsts-1.1.3.tar.gz (md5) | Source | | 2014-01-30 | 5KB |