WSGI-SSLify

(Yes, I know "TLS" would be more accurate. Deal with it.)

WSGI middleware to redirect all incoming HTTP requests to HTTPS. Inspired by djangosecure and flask-sslify, except for raw WSGI apps.

Why?

I was using static, and I wanted to force SSL. It was hard. So I made it easy:

app = sslify(static.Cling('content/'))

Usage

It really is that easy; just wrap your app with sslify:

from somewhere import my_wsgi_app
from wsgi_sslify import sslify

app = sslify(my_wsgi_app)

Options

You can pass some keyword arguments to sslify to control its behavior:

• hsts (default: True) - set a Strict-Transport-Security header, which instructs browsers to always use HTTPS. See OWASP for more details on HSTS.

• max_age (default: one year) - length, in seconds, for browsers to force HTTPS.

• subdomains (default: False) - force HTTPS for all subdomains, too.

• permanent (default: True) - issue a permanent (HTTP 301) redirect. If False, issue a temporary (HTTP 302) redirect.

• proxy_header (default: X-Forwarded-Proto) - for services behind a proxy, this is the name of the header that contains the real request scheme.

Changes

1.0.1

• Use werkzeug to ensure the URL is always bytes (#1).

1.0

• Initial release.

Contributing

To run the tests:

• Optional (but recommended): Create/activate a virtualenv.
• $ pip install -r dev-requirements.txt
• $ flake8
• $ py.test

See the py.test docs for more options.

Contributing: send me pull requests.