apifrom.utils.security_headers

Overview

Functions

apifrom.utils.security_headers.build_csp(directives)

Build a Content-Security-Policy header value from directives.

Parameters:
  • directives (Dict[str, Union[str, List[str]]]): Dictionary of CSP directives

Return type:

str

Returns:

CSP header value as string

apifrom.utils.security_headers.build_hsts(config)

Build a Strict-Transport-Security header value.

Parameters:
  • config (Dict[str, Any]): HSTS configuration options

Return type:

str

Returns:

HSTS header value as string

apifrom.utils.security_headers.build_permissions_policy(directives)

Build a Permissions-Policy header value.

Parameters:
  • directives (Dict[str, Union[bool, str, List[str]]]): Dictionary of permissions policy directives

Return type:

str

Returns:

Permissions-Policy header value as string

apifrom.utils.security_headers.create_security_headers(content_security_policy=None, x_frame_options=None, x_content_type_options='nosniff', referrer_policy=None, strict_transport_security=None, permissions_policy=None, x_xss_protection='1; mode=block', cache_control=None, exempt_paths=None, exempt_content_types=None)

Create a dictionary of security headers for HTTP responses.

Parameters:
  • content_security_policy (Optional[Dict[str, Union[str, List[str]]]]): CSP directives as a dictionary

  • x_frame_options (Optional[str]): X-Frame-Options header value (e.g. "DENY", "SAMEORIGIN")

  • x_content_type_options (str): X-Content-Type-Options header value

  • referrer_policy (Optional[str]): Referrer-Policy header value

  • strict_transport_security (Optional[Dict[str, Any]]): HSTS configuration as a dictionary

  • permissions_policy (Optional[Dict[str, Union[bool, str, List[str]]]]): Permissions Policy directives as a dictionary

  • x_xss_protection (str): X-XSS-Protection header value

  • cache_control (Optional[str]): Cache-Control header value

  • exempt_paths (Optional[List[str]]): List of URL paths exempt from security headers

  • exempt_content_types (Optional[List[str]]): List of content types exempt from security headers

Return type:

Dict[str, str]

Returns:

Dictionary of security headers

apifrom.utils.security_headers.should_apply_security_headers(path, content_type=None, exempt_paths=None, exempt_content_types=None)

Determine if security headers should be applied to a response.

Parameters:
  • path (str): URL path of the request

  • content_type (Optional[str]): Content-Type of the response

  • exempt_paths (Optional[List[str]]): List of URL paths exempt from security headers

  • exempt_content_types (Optional[List[str]]): List of content types exempt from security headers

Return type:

bool

Returns:

True if security headers should be applied, False otherwise
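A stand-alone illustration of the behaviour the builders above document, added here as example code rather than the apifrom implementation. The HSTS config key names (max_age, include_subdomains, preload) and the prefix-match rule for exempt_paths are assumptions, since the page does not specify them.

```python
from typing import Any, Dict, List, Optional, Union


def build_csp(directives: Dict[str, Union[str, List[str]]]) -> str:
    """Lists become space-separated source expressions; directives are joined by '; '."""
    parts = []
    for name, value in directives.items():
        if isinstance(value, (list, tuple)):
            value = " ".join(value)
        # A valueless directive such as upgrade-insecure-requests keeps only its name.
        parts.append(f"{name} {value}".strip())
    return "; ".join(parts)


def build_hsts(config: Dict[str, Any]) -> str:
    """Strict-Transport-Security; the config key names here are assumed, not the project's."""
    value = f"max-age={int(config.get('max_age', 31536000))}"
    if config.get("include_subdomains"):
        value += "; includeSubDomains"
    if config.get("preload"):  # only meaningful once the site is on the preload list
        value += "; preload"
    return value


def build_permissions_policy(directives: Dict[str, Union[bool, str, List[str]]]) -> str:
    """True -> feature=*, False -> feature=() (disabled), str/list -> allowlist of origins;
    the 'self' token stays bare while other origins are quoted, per the header syntax."""
    parts = []
    for feature, allow in directives.items():
        if allow is True:
            parts.append(f"{feature}=*")
        elif not allow:
            parts.append(f"{feature}=()")
        else:
            origins = [allow] if isinstance(allow, str) else list(allow)
            tokens = " ".join(o if o == "self" else f'"{o}"' for o in origins)
            parts.append(f"{feature}=({tokens})")
    return ", ".join(parts)


def should_apply_security_headers(path: str, content_type: Optional[str] = None,
                                  exempt_paths: Optional[List[str]] = None,
                                  exempt_content_types: Optional[List[str]] = None) -> bool:
    """Exempt by URL path prefix or by media type (parameters such as charset stripped)."""
    if any(path.startswith(prefix) for prefix in exempt_paths or []):
        return False
    if content_type and exempt_content_types:
        media_type = content_type.split(";", 1)[0].strip().lower()
        if media_type in {ct.lower() for ct in exempt_content_types}:
            return False
    return True
```

Because exempt_paths is matched as a prefix here, an entry like "/static" would also exempt "/static-admin"; keep exemptions narrow and include the trailing slash.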