apifrom.utils.hstsο
Overviewο
Classes
Classesο
Utility class for HTTP Strict Transport Security (HSTS) header management.
- apifrom.utils.hsts.build_hsts_header(max_age=31536000, include_subdomains=True, preload=False, exempt_paths=None)ο
- :staticmethod:
Build an HSTS header value.
- param max_age:
Maximum time (in seconds) browsers should remember this site is HTTPS only
- param include_subdomains:
Whether the HSTS policy applies to all subdomains
- param preload:
Whether the site should be included in browser preload lists
- param exempt_paths:
List of paths that should be exempt from HSTS
- returns:
HSTS header value string
- apifrom.utils.hsts.get_hsts_directives(header_value)ο
- :staticmethod:
Parse HSTS header value into directives.
- param header_value:
HSTS header value string
- returns:
Dictionary of directives
- apifrom.utils.hsts.should_apply_hsts(path, exempt_paths=None)ο
- :staticmethod:
Determine whether HSTS should be applied based on the request path.
- param path:
The request path
- param exempt_paths:
List of paths that should be exempt from HSTS
- returns:
Boolean indicating whether HSTS should be applied