Metadata-Version: 2.0
Name: falcon-require-https
Version: 0.1.0.dev0
Summary: Falcon middleware for sanity-checking that HTTPS was used for the request.
Home-page: https://github.com/falconry/falcon-require-https
Author: paul291
Author-email: UNKNOWN
License: Apache 2.0
Keywords: wsgi web api framework rest http https tls cloud security
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Web Environment
Classifier: Natural Language :: English
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI
Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Requires-Dist: falcon

Falcon Middleware: Require HTTPS |Build Status| |codecov.io|
============================================================

The ``falcon-require-https`` package provides a middleware component
for sanity-checking that the incoming request was received over
HTTPS. While the web server is primarily responsible for enforcing the
HTTPS protocol, misconfiguration is still a leading cause of security
vulnerabilities, and so it can be helpful to perform certain additional
checks, such as this one, within the application layer itself.

Quick Links
-----------

* `View the code <https://github.com/falconry/falcon-require-https>`__.
* `Join the discussion group <https://groups.google.com/forum/#!forum/falconframework>`__.
* `Hang out in #falconframework on freenode <https://kiwiirc.com/client/irc.freenode.net/?#falconframework>`__.

Installation
------------

.. code:: bash

    $ pip install falcon-require-https

Usage
-----

The ``RequireHTTPS`` middleware class verifies each incoming request. To use
it, simply pass an instance to the ``falcon.API()`` initializer:

.. code:: python

    import falcon
    from falcon_require_https import RequireHTTPS

    # Every request passes through RequireHTTPS before reaching a resource.
    app = falcon.API(middleware=[RequireHTTPS()])

At least one of the following sources must indicate the use of HTTPS:

* The scheme of the requested URL
* The X-Forwarded-Proto header
* The Forwarded header (only the first hop is checked)

Otherwise, an instance of ``falcon.HTTPBadRequest`` is raised.
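
The rule above, written out as a standalone function and run over constructed
sample requests. This is an added example, not the package's own source: the
names ``forwarded_first_hop_proto``, ``https_indicated`` and
``evaluate_samples`` are hypothetical, and case-insensitive matching is an
assumption.

```python
def forwarded_first_hop_proto(value):
    """Return the proto parameter of the first element of a Forwarded header."""
    if not value:
        return None
    # Elements are comma-separated, one per hop; only the first is inspected.
    first_hop = value.split(',', 1)[0]
    for pair in first_hop.split(';'):
        name, sep, val = pair.partition('=')
        if sep and name.strip().lower() == 'proto':
            return val.strip().strip('"').lower()
    return None


def https_indicated(scheme, headers):
    """True if at least one of the three sources named above indicates HTTPS."""
    headers = {k.lower(): v for k, v in headers.items()}
    xfp = headers.get('x-forwarded-proto', '').strip().lower()
    return (
        scheme.lower() == 'https'
        or xfp == 'https'
        or forwarded_first_hop_proto(headers.get('forwarded')) == 'https'
    )


# Constructed sample requests: (URL scheme seen by the app, request headers).
SAMPLES = {
    'direct_tls': ('https', {}),
    'proxy_xfp': ('http', {'X-Forwarded-Proto': 'https'}),
    'proxy_forwarded': ('http', {
        'Forwarded': 'for=192.0.2.1;proto=https, for=198.51.100.7;proto=http'}),
    # HTTPS appears only on a later hop, so the first-hop check rejects it.
    'later_hop_only': ('http', {
        'Forwarded': 'for=192.0.2.1;proto=http, for=198.51.100.7;proto=https'}),
    'plain_http': ('http', {}),
}


def evaluate_samples():
    """Map each sample name to True (accepted) or False (rejected)."""
    return {name: https_indicated(s, h) for name, (s, h) in SAMPLES.items()}


if __name__ == '__main__':
    for name, ok in evaluate_samples().items():
        print(name, 'accepted' if ok else 'rejected (400 Bad Request)')
```

Both headers carry whatever the sender put in them unless the proxy overwrites them, so this check is only as reliable as the proxy configuration in front of the app.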

Caution
-------

This middleware is not meant to replace proper security controls in your
web server or load balancer. It is simply meant as a final backstop to
guard against inadvertent misconfiguration at the networking layer.

Credits
-------

This middleware component is based on paul291's original
proof of concept, which was submitted as a PR to the
``falconry/falcon`` repo.

About Falcon
------------

Falcon is a `bare-metal Python web
framework <http://falconframework.org/index.html>`__ for building lean and
mean cloud APIs and app backends. It encourages the REST architectural style,
and tries to do as little as possible while remaining `highly
effective <http://falconframework.org/index.html#Benefits>`__.


.. |Build Status| image:: https://travis-ci.org/falconry/falcon-require-https.svg
   :target: https://travis-ci.org/falconry/falcon-require-https
.. |codecov.io| image:: https://codecov.io/gh/falconry/falcon-require-https/branch/master/graph/badge.svg
   :target: https://codecov.io/gh/falconry/falcon-require-https


