Application Security

en_application.security

This module provides functionality related to application security. Applications should use this module to provide secure mechanisms for common application level security practices.

Strict Transport Security

en_application.security.hsts

This module provides functionality to handle the Strict-Transport-Security header in different types of web and cloud applications.

Defined Constants

en_application.security.hsts.constants

The following constants are defined in the module:

HSTS_MAX_AGE

The number of seconds a browser should remember to access the site only over HTTPS (the max-age directive). It is set to one year.

HSTS_HEADER

The header name to populate.

HSTST_VALUE

The complete header value, which carries the max-age directive.

Most applications would not need to access these constants.
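The header value the module emits follows the RFC 6797 syntax (directives separated by ";", names case-insensitive, max-age mandatory). The following is an added example, not code from en_application.security, that builds such a value and parses and checks one received from a live server, the check a practitioner runs to confirm a deployment actually sends a usable policy. The one-year threshold mirrors the value this page gives for HSTS_MAX_AGE; the function and constant names are this example's own.

```python
import re

# Assumed for this example: one year in seconds, the max-age the page says
# the module uses. The module's own constant names are not relied on here.
ONE_YEAR = 365 * 24 * 60 * 60  # 31536000

HEADER_NAME = "Strict-Transport-Security"


def build_hsts_value(max_age=ONE_YEAR, include_subdomains=False, preload=False):
    """Build a Strict-Transport-Security header value in RFC 6797 syntax."""
    if max_age < 0:
        raise ValueError("max-age must be non-negative")
    parts = [f"max-age={int(max_age)}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)


def parse_hsts_value(value):
    """Parse a header value into a dict, or return None if it is unusable.

    Directive names are case-insensitive and unknown directives are ignored,
    as RFC 6797 requires; a directive appearing twice makes the header
    invalid (RFC 6797 section 6.1), as does a missing or non-numeric max-age.
    """
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')  # max-age may be a quoted-string
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"\d+", arg):
                return None
            result["max_age"] = int(arg)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    if result["max_age"] is None:
        return None
    return result


def check_hsts_value(value, min_age=ONE_YEAR):
    """Return a list of findings for a received header value; empty means acceptable."""
    parsed = parse_hsts_value(value)
    if parsed is None:
        return ["header is malformed or lacks a valid max-age directive"]
    findings = []
    if parsed["max_age"] == 0:
        # max-age=0 is the documented way to tell browsers to forget the policy.
        findings.append("max-age=0 clears the HSTS policy for this host")
    elif parsed["max_age"] < min_age:
        findings.append(f"max-age {parsed['max_age']} is below {min_age} seconds")
    if parsed["preload"] and not parsed["include_subdomains"]:
        # The preload list requires both of these before a host is accepted.
        findings.append("preload requires includeSubDomains")
    if parsed["preload"] and parsed["max_age"] < ONE_YEAR:
        findings.append("preload requires max-age of at least one year")
    return findings


if __name__ == "__main__":
    print(build_hsts_value(ONE_YEAR, include_subdomains=True))
    print(check_hsts_value("max-age=300"))
```

Pair check_hsts_value with a real response (for example the header returned by `curl -sI https://host`) to confirm that what reaches the browser is what the constants say; a TLS-terminating proxy or CDN in front of the application can rewrite or drop the header.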

Chalice

en_application.security.hsts.chalice

This module provides functionality to populate the Strict-Transport-Security header in Chalice applications.

populate_hsts_header(event, get_response)

Populates the Strict-Transport-Security header in the response being processed. The function has the signature of a Chalice middleware so it can be called directly from a callable registered with app.middleware.

Parameters:
  • event (dict) – The event sent to the API handler.

  • get_response (callable) – Function that processes the event and returns the response; Chalice passes it to every middleware.

Returns:

The response processed by the API with the header populated.

The following code shows how to integrate the function in your Chalice application:

# in app.py
from chalice import Chalice
import en_application.security.hsts.chalice as cmw

app = Chalice(app_name='app-with-middleware')

# Register for 'http' events only: the header belongs on HTTP responses,
# not on other Lambda event types the application may handle.
@app.middleware('http')
def hsts_middleware(event, get_response):
    return cmw.populate_hsts_header(event, get_response)

WSGI

en_application.security.hsts.wsgi

This module provides functionality to handle the Strict-Transport-Security header in WSGI applications.

class HstsMiddleware(app)

Implements the WSGI middleware interface to populate every response with the Strict-Transport-Security header.

Parameters:

app (WsgiApplication) – WSGI application to wrap; the middleware is installed in front of it and forwards every request to it.

The following example shows how to integrate this middleware in a Flask application whose application class is subclassed:

# in app.py
import flask
import en_application.security.hsts.wsgi as wsgim

class Application(flask.Flask):
    def __init__(self, **kwargs):
        super().__init__('my-app', **kwargs)
        # Wrap the WSGI callable Flask exposes, so every response passes
        # through the middleware before reaching the server.
        self.wsgi_app = wsgim.HstsMiddleware(self.wsgi_app)

app = Application()

__call__(environ, start_response)

Implements the WSGI middleware interface to populate the Strict-Transport-Security header in the processed response.

Parameters:
  • environ (dict) – The WSGI environment for the request.

  • start_response (callable) – The WSGI callback used to send the status line and response headers.

Returns:

The WSGI response iterable, with the header populated.
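A WSGI middleware cannot see the response headers until the wrapped application calls start_response, so it works by handing the application a replacement start_response that amends the header list before forwarding it to the server. The following added example (this editor's code, not HstsMiddleware from en_application) shows that mechanism together with a minimal application and an offline driver built on wsgiref, and handles the case where the application already set the header itself; class, function and constant names, and the header value, are this example's own assumptions.

```python
from wsgiref.util import setup_testing_defaults

HSTS_HEADER_NAME = "Strict-Transport-Security"
# Assumed value: one year, matching the page; extra directives are a deployment choice.
HSTS_HEADER_VALUE = "max-age=31536000"


class StrictTransportSecurityMiddleware:
    """WSGI middleware that adds Strict-Transport-Security to every response.

    It wraps start_response so the header is appended to whatever header
    list the application passes, and leaves the body iterable untouched.
    """

    def __init__(self, app, value=HSTS_HEADER_VALUE):
        self.app = app
        self.value = value

    def __call__(self, environ, start_response):
        def hsts_start_response(status, headers, exc_info=None):
            headers = list(headers)  # do not mutate the application's own list
            # Keep an existing header: with two STS header fields a browser
            # processes only the first (RFC 6797 section 8.1), so appending a
            # second one would silently change which policy wins.
            already_set = any(
                name.lower() == HSTS_HEADER_NAME.lower() for name, _ in headers
            )
            if not already_set:
                headers.append((HSTS_HEADER_NAME, self.value))
            return start_response(status, headers, exc_info)

        return self.app(environ, hsts_start_response)


def hello_app(environ, start_response):
    """Minimal WSGI application used as the wrapped app (constructed for the example)."""
    headers = [("Content-Type", "text/plain; charset=utf-8")]
    if environ.get("PATH_INFO") == "/already-set":
        # Simulates an application that sets its own, shorter policy.
        headers.append(("Strict-Transport-Security", "max-age=60"))
    start_response("200 OK", headers)
    return [b"hello"]


def run_request(app, path="/"):
    """Drive a WSGI app offline and return (status, headers, body) for inspection."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)
        return lambda data: None  # legacy write() callable, unused here

    result = app(environ, start_response)
    try:
        body = b"".join(result)
    finally:
        if hasattr(result, "close"):
            result.close()
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    wrapped = StrictTransportSecurityMiddleware(hello_app)
    print(run_request(wrapped))
    print(run_request(wrapped, "/already-set"))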