apifrom.security.hsts

HTTP Strict Transport Security (HSTS) implementation for APIFromAnything.

This module provides utilities for implementing HSTS preloading to ensure that browsers always use HTTPS for your API.

Overview

Classes

BaseMiddleware(**options)
:bases: abc.ABC

Base middleware class for APIFromAnything.

This abstract class defines the interface for middleware components. Middleware components can process requests and responses.

apifrom.security.hsts.options

Options for the middleware.

Type:

dict

Initialize a new BaseMiddleware instance.

param **options:

Options for the middleware.

HSTSMiddleware(max_age=31536000, include_subdomains=True, preload=False, force_https_redirect=True, exempt_paths=None)
:bases: apifrom.middleware.base.BaseMiddleware

Middleware for implementing HTTP Strict Transport Security (HSTS).

This middleware adds the Strict-Transport-Security header to responses to instruct browsers to only use HTTPS for your API.

Initialize the HSTS middleware.

param max_age:

The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS

param include_subdomains:

Whether the HSTS policy applies to all subdomains

param preload:

Whether to add the preload directive to the header, as required for inclusion in the HSTS preload list

param force_https_redirect:

Whether to redirect HTTP requests to HTTPS

param exempt_paths:

Paths exempt from HSTS

apifrom.security.hsts._add_hsts_header(response)

Add the Strict-Transport-Security header to a response.

param response:

The response to add the header to

apifrom.security.hsts._build_hsts_header()

Build the Strict-Transport-Security header value.

returns:

The header value

apifrom.security.hsts._get_https_redirect_url(request)

Get the HTTPS redirect URL for a request.

param request:

The request to redirect

returns:

The HTTPS redirect URL

apifrom.security.hsts._is_exempt(request)

Check if a request is exempt from HSTS.

param request:

The request to check

returns:

True if the request is exempt, False otherwise

apifrom.security.hsts._is_https(request)

Check if a request is using HTTPS.

param request:

The request to check

returns:

True if the request is using HTTPS, False otherwise

apifrom.security.hsts.process_request(request)
:async:

Process a request through the HSTS middleware.

param request:

The request to process

returns:

The processed request

apifrom.security.hsts.process_response(response)
:async:

Process a response through the HSTS middleware.

param response:

The response to process

returns:

The processed response

class apifrom.security.hsts.HSTSPreloadChecker

Utility for checking if a domain is eligible for HSTS preloading.

This class provides methods to check if a domain meets the requirements for inclusion in the HSTS preload list.

apifrom.security.hsts.check_eligibility(domain, hsts_header, has_valid_certificate=True, all_subdomains_https=False, redirect_to_https=True)
:staticmethod:

Check if a domain is eligible for HSTS preloading.

param domain:

The domain to check

param hsts_header:

The Strict-Transport-Security header value

param has_valid_certificate:

Whether the domain has a valid SSL/TLS certificate

param all_subdomains_https:

Whether all subdomains support HTTPS

param redirect_to_https:

Whether the domain redirects HTTP to HTTPS

returns:

A dictionary with the eligibility status and any issues

apifrom.security.hsts.get_submission_instructions(domain)
:staticmethod:

Get instructions for submitting a domain to the HSTS preload list.

param domain:

The domain to submit

returns:

Instructions for submitting the domain
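
The header construction and preload-eligibility check described above, as an added example that is not APIFromAnything's own code: the function names, the return shape and the issue strings are assumptions, and the domain argument is omitted. The thresholds follow the hstspreload.org submission requirements, and duplicate directives are rejected as RFC 6797 requires.

```python
# Added illustration; names and result format are hypothetical, not the library's API.
MIN_PRELOAD_MAX_AGE = 31536000  # one year, the minimum accepted for preloading

def build_hsts_header(max_age=31536000, include_subdomains=True, preload=False):
    """Assemble a Strict-Transport-Security value from the documented options."""
    parts = [f"max-age={int(max_age)}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)

def parse_hsts_header(value):
    """Parse directives case-insensitively; a repeated directive is invalid."""
    directives = {}
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, arg = raw.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')  # max-age may be a quoted string
    return directives

def preload_issues(hsts_header, has_valid_certificate=True,
                   all_subdomains_https=False, redirect_to_https=True):
    """Return {'eligible': bool, 'issues': [...]} for the preload requirements."""
    try:
        d = parse_hsts_header(hsts_header)
    except ValueError as exc:
        return {"eligible": False, "issues": [str(exc)]}
    issues = []
    max_age = d.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        issues.append("max-age missing or not an integer")
    elif int(max_age) < MIN_PRELOAD_MAX_AGE:
        issues.append(f"max-age below {MIN_PRELOAD_MAX_AGE}")
    for name, label in (("includesubdomains", "includeSubDomains"), ("preload", "preload")):
        if name not in d:
            issues.append(f"{label} directive missing")
    for ok, msg in ((has_valid_certificate, "no valid certificate"),
                    (all_subdomains_https, "not all subdomains serve HTTPS"),
                    (redirect_to_https, "HTTP is not redirected to HTTPS")):
        if not ok:
            issues.append(msg)
    return {"eligible": not issues, "issues": issues}
```

With the middleware defaults shown on this page (preload=False), the generated header is not preload-eligible; the preload directive has to be enabled explicitly.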

class apifrom.security.hsts.Request(request=None, path_params=None, method=None, path=None, query_params=None, headers=None, body=None, client_ip=None)
Parameters:
  • request (Optional[starlette.requests.Request])

  • path_params (Optional[dict[Any, Any]])

  • method (Optional[str])

  • path (Optional[str])

  • query_params (Optional[dict[Any, Any]])

  • headers (Optional[dict[Any, Any]])

  • body (Optional[Union[str, bytes]])

  • client_ip (Optional[str])

Request class for APIFromAnything.

This class wraps a Starlette request and provides methods for accessing request data in a convenient way.

apifrom.security.hsts._request

The underlying Starlette request.

apifrom.security.hsts.path_params

Path parameters extracted from the URL.

apifrom.security.hsts.query_params

Query parameters extracted from the URL.

apifrom.security.hsts.headers

HTTP headers.

apifrom.security.hsts.method

HTTP method.

apifrom.security.hsts.path

Request path.

apifrom.security.hsts._body

Cached request body.

Initialize a new Request instance.

param request:

The underlying Starlette request.

param path_params:

Path parameters extracted from the URL.

param method:

The HTTP method.

param path:

The request path.

param query_params:

Query parameters.

param headers:

HTTP headers.

param body:

Request body.

param client_ip:

Client IP address.

class apifrom.security.hsts.Response(content=None, status_code=200, headers=None, content_type='application/json')
Parameters:
  • content (Any)

  • status_code (int)

  • headers (Optional[Dict[str, str]])

  • content_type (str)

Response class for APIFromAnything.

This class represents an HTTP response and provides methods for setting response data, status code, and headers.

apifrom.security.hsts.content

The response content.

apifrom.security.hsts.status_code

The HTTP status code.

apifrom.security.hsts.headers

HTTP headers.

apifrom.security.hsts.content_type

The content type of the response.

Initialize a new Response instance.

param content:

The response content.

param status_code:

The HTTP status code.

param headers:

HTTP headers.

param content_type:

The content type of the response.