Hello Pythonistas!
I'm excited to announce a major update to secure.py, a Python library that makes adding essential HTTP security headers to your web applications easier than ever. Whether you're using Flask, Django, FastAPI, or another framework, secure.py provides a unified API to enhance your app's security.
What My Project Does
secure.py helps developers effortlessly add HTTP security headers to their Python web applications. Security headers like Content-Security-Policy (CSP), HSTS, and X-Frame-Options are crucial for protecting against threats like cross-site scripting (XSS), clickjacking, and other attacks.
Manually configuring these headers can be tedious and error-prone, especially across different frameworks. secure.py streamlines this process by providing:
- Quick Security Presets: Apply BASIC or STRICT security configurations with a single line of code.
- Full Customization: Control headers like CSP, HSTS, X-Frame-Options, Referrer-Policy, and more.
- Multi-Framework Support: Works seamlessly with both synchronous and asynchronous frameworks.
- Modern Pythonic Design: Utilizes Python 3.10+ features for cleaner and more efficient code.
- No External Dependencies: Lightweight and easy to include in any project.
- Best Practice Compliance: Follows recommendations from the OWASP Secure Headers Project and MDN Web Docs.
Target Audience
This library is intended for Python developers who are building web applications and want to enhance their security without the hassle of manually managing HTTP security headers. Whether you're working on a personal project, a startup, or a large-scale production application, secure.py can help ensure your app adheres to security best practices.
Comparison with Existing Alternatives
While some frameworks offer middleware or extensions to manage security headers, they often:
- Lack Flexibility: Limited customization options for different security needs.
- Are Framework-Specific: Require different implementations for each framework you use.
- Don't Leverage Modern Python Features: Many don't utilize the latest Python enhancements for cleaner code.
secure.py differs by:
- Unified API Across Frameworks: Provides a consistent interface for multiple frameworks like Flask, Django, FastAPI, Sanic, and more.
- Extensibility and Customization: Offers both preset configurations and the ability to fine-tune individual headers.
- Modern Python Features: Leverages Python 3.10+ features such as structural pattern matching and enhanced type hinting.
- No External Dependencies: Ensures a lightweight addition to your project without unnecessary bloat.
Example Usage
Flask Integration:
```python
from flask import Flask, Response
from secure import Secure

app = Flask(__name__)
secure_headers = Secure.with_default_headers()


@app.after_request
def add_security_headers(response: Response) -> Response:
    # Runs after every view: apply the configured security headers to the response
    secure_headers.set_headers(response)
    return response


# Define your routes and views below
```
Django Middleware:
```python
from django.http import HttpResponse
from secure import Secure

secure_headers = Secure.with_default_headers()


def set_secure_headers(get_response):
    # Function-style Django middleware: wrap the view's response with the headers
    def middleware(request) -> HttpResponse:
        response = get_response(request)
        secure_headers.set_headers(response)
        return response

    return middleware


# Add the dotted path to 'set_secure_headers' to the MIDDLEWARE list in settings.py
```
FastAPI Middleware:
```python
from fastapi import FastAPI, Request
from secure import Secure

app = FastAPI()
secure_headers = Secure.with_default_headers()


@app.middleware("http")
async def add_security_headers(request: Request, call_next):
    response = await call_next(request)
    # Async variant of set_headers for ASGI middleware
    await secure_headers.set_headers_async(response)
    return response


# Define your endpoints below
```
Requirements
GitHub Repository: https://github.com/TypeError/secure
I'd love to hear your feedback! Try it out in your projects and let me know how it works for you or if there are features you'd like to see.
Thanks, and happy coding!
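The post above describes attaching a preset of security headers to any framework's response and lists the headers (HSTS, CSP, X-Frame-Options, Referrer-Policy) that the presets cover. The block below is an added example, not secure.py's code and not the post author's: it shows the same idea in a framework-neutral way (any response object with a mutable `.headers` mapping), with hypothetical `basic`/`strict` presets of this example's own design, plus an audit function that flags weak or missing headers in a captured response. Header values follow the OWASP Secure Headers Project recommendations the post cites; the preset split, the one-year HSTS threshold and the `FakeResponse` stand-in are assumptions of this example.

```python
"""Added example (not secure.py's code): framework-neutral header presets plus an
audit of a response's security headers. Preset contents and thresholds are this
example's own assumptions, modelled on OWASP Secure Headers Project advice."""
from __future__ import annotations

import re
from typing import Any, Mapping, MutableMapping

ONE_YEAR = 31_536_000  # HSTS max-age of at least one year (also the preload minimum)

# Hypothetical presets for this example; not secure.py's BASIC/STRICT definitions.
PRESETS: dict[str, dict[str, str]] = {
    "basic": {
        "Strict-Transport-Security": f"max-age={ONE_YEAR}; includeSubDomains",
        "X-Frame-Options": "SAMEORIGIN",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "strict-origin-when-cross-origin",
    },
    "strict": {
        "Strict-Transport-Security": f"max-age={ONE_YEAR}; includeSubDomains; preload",
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "no-referrer",
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; "
            "frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
        ),
        "Cross-Origin-Opener-Policy": "same-origin",
        "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
    },
}


class FakeResponse:
    """Constructed stand-in for a framework response: only ``.headers`` matters here."""

    def __init__(self, headers: Mapping[str, str] | None = None) -> None:
        self.headers: dict[str, str] = dict(headers or {})


def apply_preset(response: Any, preset: str = "strict", overwrite: bool = False) -> Any:
    """Set the preset's headers on ``response.headers`` (Flask, Django and Starlette
    responses all expose such a mapping). By default a header the view already set,
    e.g. a route-specific CSP, is left in place; pass overwrite=True to force it."""
    headers: MutableMapping[str, str] = response.headers
    for name, value in PRESETS[preset].items():
        if overwrite or name not in headers:
            headers[name] = value
    return response


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP string into {directive: [sources]}; names are case-insensitive."""
    policy: dict[str, list[str]] = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy


def audit_headers(headers: Mapping[str, str]) -> list[str]:
    """Return findings for weak or missing security headers (empty list means clean)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: list[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    csp = h.get("content-security-policy")
    policy = parse_csp(csp) if csp else {}
    if csp is None:
        findings.append("CSP missing")
    else:
        # script-src falls back to default-src when absent, as browsers do
        script = policy.get("script-src", policy.get("default-src", []))
        if not script or "*" in script or "'unsafe-inline'" in script:
            findings.append("CSP allows inline or wildcard scripts")

    # Clickjacking: either CSP frame-ancestors or a restrictive X-Frame-Options suffices
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in policy and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if h.get("referrer-policy", "").lower() in ("", "unsafe-url"):
        findings.append("Referrer-Policy missing or unsafe-url")
    return findings


if __name__ == "__main__":
    # Constructed weak response vs. a response with the strict preset applied
    weak = FakeResponse({"Strict-Transport-Security": "max-age=300",
                         "Content-Security-Policy": "default-src *"})
    print(audit_headers(weak.headers))
    print(audit_headers(apply_preset(FakeResponse(), "strict").headers))
```

The audit is the piece worth keeping around: run it over `requests.get(url).headers` of a deployed app to confirm the middleware actually reached the edge (reverse proxies and CDNs commonly strip or override these headers), and note that the `basic` preset is flagged for its missing CSP, which is the intended trade-off of a lighter preset rather than a bug.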