flask-sslify

mirror of https://github.com/not-kennethreitz/flask-sslify.git synced 2026-06-05 15:00:21 +00:00

T

Kenneth Reitz f0b8840ced Merge pull request #14 from jgelens/master

Make init_app work properly

2013-08-30 05:11:03 -07:00

flask_sslify.py

Move hsts_age and other variables set in __init__ out of the if statement

2013-07-18 09:48:41 +02:00

LICENSE

lawyer up

2012-04-29 16:27:43 -04:00

README.rst

Typo and emphase on default duration

2013-08-30 13:50:36 +02:00

setup.py

v0.1.4

2012-11-16 03:09:27 +01:00

README.rst

Flask-SSLify
============

This is a simple Flask extension that configures your Flask application to redirect
all incoming requests to HTTPS.

Redirects only occur when ``app.debug`` is ``False``.

Usage
-----

Usage is pretty simple::

    from flask import Flask
    from flask_sslify import SSLify

    app = Flask(__name__)
    sslify = SSLify(app)


If you make an HTTP request, it will automatically redirect::

    $ curl -I http://secure-samurai.herokuapp.com/
    HTTP/1.1 302 FOUND
    Content-length: 281
    Content-Type: text/html; charset=utf-8
    Date: Sun, 29 Apr 2012 21:39:36 GMT
    Location: https://secure-samurai.herokuapp.com/
    Server: gunicorn/0.14.2
    Strict-Transport-Security: max-age=31536000
    Connection: keep-alive


HTTP Strict Transport Security
------------------------------

Flask-SSLify also provides your application with an HSTS policy.

By default, HSTS is set for *one year* (31536000 seconds).

You can change the duration by passing the ``age`` parameter::

    sslify = SSLify(app, age=300)

If you'd like to include subdomains in your HSTS policy, set the ``subdomains`` parameter::

    sslify = SSLify(app, subdomains=True)


HTTP 301 Redirects
------------------

By default, the redirect is issued with a HTTP 302 response. You can change that to a HTTP 301 response
by passing the ``permanent`` parameter::

    sslify = SSLify(app, permanent=True)


Install
-------

Installation is simple too::

    $ pip install Flask-SSLify