Secure

Modern Python library for HTTP security headers (CSP, HSTS, etc.) with secure defaults and presets for Shiny, FastAPI, Django, Flask, and other ASGI/WSGI apps.


Description

Secure 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.

Programming language: Python
License: MIT License
Latest version: v0.2.1


README

secure.py


secure.py 🔒 is a lightweight package that adds optional security headers for Python web frameworks.

Supported Python web frameworks

aiohttp, Bottle, CherryPy, Django, Falcon, FastAPI, Flask, hug, Masonite, Pyramid, Quart, Responder, Sanic, Starlette, Tornado

Install

pip:

pip install secure

Pipenv:

pipenv install secure

After installing secure:

import secure
secure_headers = secure.Secure()

Secure Headers

Example

secure_headers.framework.<framework>(response)

Replace <framework> with the lowercase name of the framework in use, for example secure_headers.framework.fastapi(response) or secure_headers.framework.flask(response).

Default HTTP response headers:

strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store

Policy Builders

Policy Builder Example

Content Security Policy builder:

csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)
secure_headers = secure.Secure(csp=csp)

HTTP response headers:

strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com

Documentation

Please see the full set of documentation at https://secure.readthedocs.io

FastAPI Example

import uvicorn
from fastapi import FastAPI
import secure

app = FastAPI()

server = secure.Server().set("Secure")

csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)

hsts = secure.StrictTransportSecurity().include_subdomains().preload().max_age(2592000)

referrer = secure.ReferrerPolicy().no_referrer()

permissions_value = (
    secure.PermissionsPolicy().geolocation("self", "'spam.com'").vibrate()
)

cache_value = secure.CacheControl().must_revalidate()

secure_headers = secure.Secure(
    server=server,
    csp=csp,
    hsts=hsts,
    referrer=referrer,
    permissions=permissions_value,
    cache=cache_value,
)


@app.middleware("http")
async def set_secure_headers(request, call_next):
    # Run the route first, then stamp the configured headers onto its response
    response = await call_next(request)
    secure_headers.framework.fastapi(response)
    return response


@app.get("/")
async def root():
    return {"message": "Secure"}


if __name__ == "__main__":
    uvicorn.run(app, port=8081, host="localhost")

HTTP response headers:

server: Secure
strict-transport-security: includeSubDomains; preload; max-age=2592000
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com
referrer-policy: no-referrer
cache-control: must-revalidate
permissions-policy: geolocation=(self 'spam.com'), vibrate=()
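An added example, not part of secure.py, that audits a header set like the ones shown above without the library installed: it parses the HSTS and CSP values into structures and reports weak settings, including a preload flag whose max-age is below the one year that the HSTS preload list requires (the FastAPI example's max_age(2592000) is 30 days and is flagged). SAMPLE_HEADERS is constructed from the FastAPI output above.

```python
# Constructed sample: the headers the FastAPI example above is expected to emit.
SAMPLE_HEADERS = {
    "strict-transport-security": "includeSubDomains; preload; max-age=2592000",
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "content-security-policy": "default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com",
}

def parse_csp(value: str) -> dict:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def parse_hsts(value: str) -> dict:
    """Parse Strict-Transport-Security into its max-age and two flags."""
    fields = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        token = part.strip().lower()
        if token.startswith("max-age="):
            fields["max_age"] = int(token.split("=", 1)[1])
        elif token == "includesubdomains":
            fields["include_subdomains"] = True
        elif token == "preload":
            fields["preload"] = True
    return fields

def audit_headers(headers: dict) -> list:
    """Return findings for a response's headers; an empty list means all checks passed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options missing or permissive")
    hsts = parse_hsts(h.get("strict-transport-security", ""))
    if hsts["max_age"] is None:
        findings.append("strict-transport-security missing")
    elif hsts["preload"] and (hsts["max_age"] < 31536000 or not hsts["include_subdomains"]):
        findings.append("preload requires max-age >= 31536000 and includeSubDomains")
    csp = parse_csp(h.get("content-security-policy", ""))
    if "default-src" not in csp:  # without a fallback, unlisted fetch directives allow everything
        findings.append("content-security-policy missing or without default-src")
    for directive, sources in csp.items():
        if "'unsafe-inline'" in sources or "*" in sources:
            findings.append(f"csp {directive} allows 'unsafe-inline' or *")
    return findings
```

Running audit_headers on the library's default header set (no CSP configured) reports the missing content-security-policy, which is the one default a practitioner still has to supply.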
