(Yes, I know "TLS" would be more accurate. Deal with it.)
I was using static, and I wanted to force SSL. It was hard. So I made it easy:
app = sslify(static.Cling('content/'))
It really is that easy; just wrap your app with
from somewhere import my_wsgi_app from wsgi_sslify import sslify app = sslify(my_wsgi_app)
You can pass some keyword arguments to
sslify to control its behavior:
True) - set a
Strict-Transport-Securityheader, which instructs browsers to always use HTTPS. See OWASP for more details on HSTS.
max_age(default: one year) - length, in seconds, for browsers to force HTTPS.
False) - force HTTPS for all subdomains, too.
True) - issue a permanent (HTTP 301) redirect. If False, issue a temporary (HTTP 302) redirect.
X-Forwarded-Proto) - for services behind a proxy, this is the name of the header that contains the real request scheme.
- Use werkzeug to ensure the URL is always bytes (#1).
- Initial release.
To run the tests:
- Optional (but recommended): Create/activate a virtualenv.
pip install -r dev-requirements.txt
See the py.test docs for more options.
Contributing: send me pull requests.