falcon-sslify


A simple Falcon middleware that configures your app to redirect all incoming requests to HTTPS. This is a port of flask-sslify by Kenneth Reitz from Flask to Falcon.

Installation

Install the extension using pip or easy_install.

$ pip install -U falcon-sslify

Usage

This package exposes a Falcon middleware which, by default, forces SSL on all routes and also enables HSTS.

import falcon
from falcon_sslify import FalconSSLify

sslify = FalconSSLify()
api = falcon.API(middleware=[sslify])

HTTP Strict Transport Security

flask-sslify also enables an HSTS policy for your application by default. By default, HSTS is set for 1 year, i.e. 31536000 seconds. You can change the duration by passing the age parameter:

sslify = FalconSSLify(age=30000)

By default, HSTS is also enabled for subdomains. You can disable this by setting the subdomains parameter to False:

sslify = FalconSSLify(subdomains=False)

HTTP 301 Redirects

By default, the redirect is issued with an HTTP 302 response. You can change that to an HTTP 301 response by setting the permanent parameter to False:

sslify = FalconSSLify(permanent=False)
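One way to check a deployment against the HSTS and redirect settings described above, as an added example that is not part of falcon-sslify: it parses the Strict-Transport-Security header and inspects the redirect returned for a plain-HTTP request. The function names, the example.test URL and the sample header are constructed for illustration, and the expected redirect status is passed in by the caller.

```python
# Added example (not falcon-sslify code); names and sample data are constructed.
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1)."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if not name:
            continue                           # tolerate empty directives (";;")
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg.strip().strip('"')    # max-age may be a quoted-string
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        raise ValueError("max-age missing or not a non-negative integer")
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

def audit_hsts(headers, min_age=31536000, want_subdomains=True):
    """Findings for an HTTPS response; defaults mirror age and subdomains above."""
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return ["Strict-Transport-Security header missing"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return ["invalid HSTS header: %s" % exc]
    findings = []
    if policy["max_age"] < min_age:
        findings.append("max-age %d below required %d" % (policy["max_age"], min_age))
    if want_subdomains and not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings

def audit_redirect(request_url, status, location, expected_status):
    """Findings for the response to a plain-HTTP request; caller passes 301 or 302."""
    src, dst = urlsplit(request_url), urlsplit(location or "")
    findings = []
    if status != expected_status:
        findings.append("status %s, expected %s" % (status, expected_status))
    if dst.scheme != "https":
        findings.append("Location is not an https:// URL")
    if dst.hostname != src.hostname:
        findings.append("redirect changes host to %r" % dst.hostname)
    return findings

if __name__ == "__main__":  # constructed sample response header
    print(audit_hsts({"Strict-Transport-Security": "max-age=30000"}))
```

Feed it the status code and headers captured from your own deployment; an empty list means the response matched what you asked for.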

Skip Redirection on Certain Endpoints

It is also possible to support HTTP and disable redirection on certain endpoints by passing a list of such paths to the skips parameter:

sslify = FalconSSLify(skips=['http_only', 'anotherpath'])

Notes

When using basic auth, this middleware must be placed before any other authentication middleware so that credentials are always prompted for on an SSL connection and not on an HTTP one.

API

class falcon_sslify.FalconSSLify(age=31536000, subdomains=True, permanent=True, skips=None)

Initialize the falcon sslify middleware passing in configuration options. All configuration options are optional.

Args:
    age (int, optional): Specifies the maximum duration for HSTS (HTTP Strict Transport Security). Default is 31536000 (1 year).
    subdomains (bool, optional): Specifies whether to include subdomains in the HSTS policy. Default is True.
    permanent (bool, optional): Specifies whether the redirect is issued with an HTTP 302 response or an HTTP 301 one. Default is True, which means permanent redirect, aka HTTP 302 response code.
    skips (list, optional): A list of paths to be excluded from being redirected.

hsts_header

Returns the proper HSTS() policy.