wsgi-sslify

WSGI middleware to force HTTPS.


License
Other
Install
pip install wsgi-sslify==1.0.1

Documentation

WSGI-SSLify

Build Status

(Yes, I know "TLS" would be more accurate. Deal with it.)

WSGI middleware to redirect all incoming HTTP requests to HTTPS. Inspired by djangosecure and flask-sslify, except for raw WSGI apps.

Why?

I was using static, and I wanted to force SSL. It was hard. So I made it easy:

app = sslify(static.Cling('content/'))

Usage

It really is that easy; just wrap your app with sslify:

from somewhere import my_wsgi_app
from wsgi_sslify import sslify

app = sslify(my_wsgi_app)

Options

You can pass some keyword arguments to sslify to control its behavior:

  • hsts (default: True) - set a Strict-Transport-Security header, which instructs browsers to always use HTTPS. See OWASP for more details on HSTS.

  • max_age (default: one year) - length, in seconds, for browsers to force HTTPS.

  • subdomains (default: False) - force HTTPS for all subdomains, too.

  • permanent (default: True) - issue a permanent (HTTP 301) redirect. If False, issue a temporary (HTTP 302) redirect.

  • proxy_header (default: X-Forwarded-Proto) - for services behind a proxy, this is the name of the header that contains the real request scheme.

Changes

1.0.1

  • Use werkzeug to ensure the URL is always bytes (#1).

1.0

  • Initial release.

Contributing

To run the tests:

  • Optional (but recommended): Create/activate a virtualenv.
  • $ pip install -r dev-requirements.txt
  • $ flake8
  • $ py.test

See the py.test docs for more options.

Contributing: send me pull requests.