apifrom.utils.security_headers
==============================

.. py:currentmodule:: apifrom.utils.security_headers

Overview
--------

**Functions**

* :py:func:`build_csp`
* :py:func:`build_hsts`
* :py:func:`build_permissions_policy`
* :py:func:`create_security_headers`
* :py:func:`should_apply_security_headers`

Functions
---------

.. py:function:: build_csp(directives)

   Build a Content-Security-Policy header value from directives.

   :param directives: Dictionary of CSP directives
   :returns: CSP header value as string

.. py:function:: build_hsts(config)

   Build a Strict-Transport-Security header value.

   :param config: HSTS configuration options
   :returns: HSTS header value as string

.. py:function:: build_permissions_policy(directives)

   Build a Permissions-Policy header value.

   :param directives: Dictionary of Permissions-Policy directives
   :returns: Permissions-Policy header value as string

.. py:function:: create_security_headers(content_security_policy=None, x_frame_options=None, x_content_type_options='nosniff', referrer_policy=None, strict_transport_security=None, permissions_policy=None, x_xss_protection='1; mode=block', cache_control=None, exempt_paths=None, exempt_content_types=None)

   Create a dictionary of security headers for HTTP responses.

   :param content_security_policy: CSP directives as a dictionary
   :param x_frame_options: X-Frame-Options header value (e.g. ``"DENY"``, ``"SAMEORIGIN"``)
   :param x_content_type_options: X-Content-Type-Options header value
   :param referrer_policy: Referrer-Policy header value
   :param strict_transport_security: HSTS configuration as a dictionary
   :param permissions_policy: Permissions-Policy directives as a dictionary
   :param x_xss_protection: X-XSS-Protection header value
   :param cache_control: Cache-Control header value
   :param exempt_paths: List of URL paths exempt from security headers
   :param exempt_content_types: List of content types exempt from security headers
   :returns: Dictionary of security headers

.. py:function:: should_apply_security_headers(path, content_type=None, exempt_paths=None, exempt_content_types=None)

   Determine if security headers should be applied to a response.

   :param path: URL path of the request
   :param content_type: Content-Type of the response
   :param exempt_paths: List of URL paths exempt from security headers
   :param exempt_content_types: List of content types exempt from security headers
   :returns: ``True`` if security headers should be applied, ``False`` otherwise
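The reference above names the helpers but not how a directive dictionary becomes a header value, nor how the exemption check should treat a path prefix or a ``Content-Type`` that carries a charset. The following is an added, self-contained sketch written for this page; it is not apifrom's own implementation, and the serialisation format, the preload validation in ``build_hsts``, the segment-boundary path matching, and the omission of the ``exempt_*`` parameters from ``create_security_headers`` are all assumptions made here for illustration. The example goes beyond the page in one place: ``hardened_api_headers`` shows a complete policy for a JSON API rather than a single header.

```python
"""Added example: illustrative implementations of the helpers documented on
this page.  Not apifrom's code; output formats and validation are assumptions."""
from typing import Dict, Iterable, Mapping, Optional, Union

Sources = Union[str, Iterable[str]]
ONE_YEAR = 31536000  # minimum max-age accepted by the HSTS preload list


def build_csp(directives: Mapping[str, Sources]) -> str:
    """Serialise {directive: sources} as "name src src; name src".
    A str value is used verbatim, an iterable is space-joined, and an empty
    value yields a bare directive such as upgrade-insecure-requests."""
    parts = []
    for name, value in directives.items():
        sources = value if isinstance(value, str) else " ".join(value)
        parts.append(f"{name} {sources}".strip())
    return "; ".join(parts)


def build_hsts(config: Mapping[str, object]) -> str:
    """Serialise HSTS options and refuse a preload flag the list would reject."""
    max_age = int(config.get("max_age", ONE_YEAR))
    if max_age < 0:
        raise ValueError("max_age must be non-negative")
    include_subdomains = bool(config.get("include_subdomains", False))
    preload = bool(config.get("preload", False))
    if preload and (not include_subdomains or max_age < ONE_YEAR):
        # hstspreload.org requires includeSubDomains and max-age >= 1 year;
        # fail at build time rather than ship a header that cannot be preloaded.
        raise ValueError("preload requires include_subdomains and max_age >= ONE_YEAR")
    value = f"max-age={max_age}"
    if include_subdomains:
        value += "; includeSubDomains"
    if preload:
        value += "; preload"
    return value


def build_permissions_policy(directives: Mapping[str, Iterable[str]]) -> str:
    """Serialise {feature: allowlist} as 'feature=(self "https://a.b"), feature=()'.
    'self' is a bare token, ['*'] becomes feature=*, origins are double-quoted."""
    parts = []
    for feature, allowlist in directives.items():
        items = list(allowlist)
        if items == ["*"]:
            parts.append(f"{feature}=*")
            continue
        rendered = " ".join(o if o == "self" else f'"{o}"' for o in items)
        parts.append(f"{feature}=({rendered})")
    return ", ".join(parts)


def should_apply_security_headers(path: str, content_type: Optional[str] = None,
                                  exempt_paths: Optional[Iterable[str]] = None,
                                  exempt_content_types: Optional[Iterable[str]] = None) -> bool:
    """An exempt path covers itself and its subtree on a segment boundary, never a
    bare string prefix ('/health' must not exempt '/healthcheck-admin').  The
    Content-Type is compared without parameters such as '; charset=utf-8'."""
    for exempt in exempt_paths or []:
        base = exempt.rstrip("/")
        if path == exempt or (base and (path == base or path.startswith(base + "/"))):
            return False
    if content_type and exempt_content_types:
        mime = content_type.split(";", 1)[0].strip().lower()
        if mime in {c.lower() for c in exempt_content_types}:
            return False
    return True


def create_security_headers(content_security_policy: Optional[Mapping[str, Sources]] = None,
                            x_frame_options: Optional[str] = None,
                            x_content_type_options: Optional[str] = "nosniff",
                            referrer_policy: Optional[str] = None,
                            strict_transport_security: Optional[Mapping[str, object]] = None,
                            permissions_policy: Optional[Mapping[str, Iterable[str]]] = None,
                            x_xss_protection: Optional[str] = "1; mode=block",
                            cache_control: Optional[str] = None) -> Dict[str, str]:
    """Assemble the response header dict; options left as None are omitted."""
    headers: Dict[str, str] = {}
    if content_security_policy:
        headers["Content-Security-Policy"] = build_csp(content_security_policy)
    if x_frame_options is not None:
        headers["X-Frame-Options"] = x_frame_options
    if x_content_type_options is not None:
        headers["X-Content-Type-Options"] = x_content_type_options
    if referrer_policy is not None:
        headers["Referrer-Policy"] = referrer_policy
    if strict_transport_security:
        headers["Strict-Transport-Security"] = build_hsts(strict_transport_security)
    if permissions_policy:
        headers["Permissions-Policy"] = build_permissions_policy(permissions_policy)
    if x_xss_protection is not None:
        headers["X-XSS-Protection"] = x_xss_protection
    if cache_control is not None:
        headers["Cache-Control"] = cache_control
    return headers


def hardened_api_headers() -> Dict[str, str]:
    """A full policy for a JSON API: nothing loads, nothing frames, nothing caches."""
    return create_security_headers(
        content_security_policy={"default-src": ["'none'"], "frame-ancestors": ["'none'"],
                                 "upgrade-insecure-requests": ""},
        x_frame_options="DENY",
        referrer_policy="no-referrer",
        strict_transport_security={"max_age": 2 * ONE_YEAR, "include_subdomains": True, "preload": True},
        permissions_policy={"geolocation": [], "camera": [], "payment": ["self", "https://pay.example.com"]},
        x_xss_protection="0",  # the legacy XSS auditor is gone; "1; mode=block" buys nothing
        cache_control="no-store",
    )
```

Two points worth carrying over to real use of the library. The documented default of ``x_xss_protection='1; mode=block'`` targets a browser feature that Chrome and Edge have removed and Firefox never shipped; current guidance (OWASP, MDN) is to send ``X-XSS-Protection: 0`` or omit the header and rely on CSP, so pass ``"0"`` explicitly as the example does. And whatever ``exempt_paths`` semantics the library applies, test the near-miss case: an exemption for a health-check path that is implemented as a plain string prefix will silently strip headers from every route that shares that prefix.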