falcon-sslify
A simple falcon middleware that configures your app to redirect all incoming requests to HTTPS. This is a port of flask-sslify by Kenneth Reitz from flask to falcon.
Usage
This package exposes a falcon middleware which by default forces SSL on all routes and also enables HSTS:
    import falcon
    from falcon_sslify import FalconSSLify

    sslify = FalconSSLify()
    api = falcon.API(middleware=[sslify])
HTTP Strict Transport Security
falcon-sslify also enables an HSTS policy for your application by default. By default, HSTS is set for 1 year, i.e. 31536000 seconds.
You can change the duration by passing the age parameter:
    sslify = FalconSSLify(age=30000)
By default, HSTS is also enabled for subdomains. You can disable it by setting the subdomains parameter to False:
    sslify = FalconSSLify(subdomains=False)
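To check what a given age / subdomains choice means for the policy a browser receives, the following added example (not part of falcon-sslify) parses a Strict-Transport-Security value using the standard RFC 6797 syntax and reports findings. The function names are hypothetical, the header strings are constructed samples, and the 1-year threshold is the default stated above.

```python
# Added example: audit a Strict-Transport-Security header value (RFC 6797 syntax).
# The sample header strings are constructed, not captured from falcon-sslify.
PACKAGE_DEFAULT_AGE = 31536000  # 1 year, the default stated on this page


def parse_hsts(value):
    """Parse an HSTS value into {'max_age': int, 'include_subdomains': bool}.

    Raises ValueError for values RFC 6797 treats as invalid: max-age missing
    or not a non-negative integer, or a directive appearing more than once.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty directives such as a trailing ';'
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg.strip().strip('"')  # value may be a quoted-string
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        raise ValueError("max-age missing or not a non-negative integer")
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def audit_hsts(value):
    """Return a list of findings for one header value; empty means none."""
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return ["invalid header: %s" % exc]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif policy["max_age"] < PACKAGE_DEFAULT_AGE:
        findings.append("max-age %d is below the 1-year default" % policy["max_age"])
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains absent: subdomains are not covered")
    return findings


if __name__ == "__main__":
    for sample in ("max-age=31536000; includeSubDomains",  # constructed samples
                   "max-age=30000", "includeSubDomains"):
        print(repr(sample), "->", audit_hsts(sample) or "ok")
```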
HTTP 301 Redirects
By default, the redirect is issued with an HTTP 302 response. You can change that to an HTTP 301 response by setting the permanent parameter to False:
    sslify = FalconSSLify(permanent=False)
Skip Redirection on Certain Endpoints
It is also possible to support HTTP and disable redirection on certain endpoints by passing a list of such paths to the skips parameter:
    sslify = FalconSSLify(skips=['http_only', 'anotherpath'])
Notes
When using basic auth, this middleware must be placed before any other authentication middleware so that credentials are always prompted for on an SSL connection and not on an HTTP one.
API
class falcon_sslify.FalconSSLify(age=31536000, subdomains=True, permanent=True, skips=None)
    Initialize the falcon sslify middleware passing in configuration options. All configuration options are optional.
    Args:
        age (int, optional): Specifies the maximum duration for HSTS (HTTP Strict Transport Security). Default is 31536000 (1 year).
        subdomains (bool, optional): Specify if you would like to include subdomains in the HSTS policy. Default is True.
        permanent (bool, optional): Specifies whether the redirect is issued with an HTTP 302 response or an HTTP 301 one. Default is True, which means permanent redirect aka HTTP 302 response code.
        skips (list, optional): A list of paths to be excluded from being redirected.
    hsts_header
        Returns the proper HSTS policy.