The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) is a standard feature used to instruct clients that a site should only be accessed using HTTPS, and any attempt to access it using HTTP should be converted automatically to HTTPS.
BlackSheep offers a middleware to configure the HTTP Strict-Transport-Security response header globally. This page explains how to use the built-in middleware to enforce HSTS on a web application.
```python
from blacksheep import Application
from blacksheep.server.env import is_development
from blacksheep.server.security.hsts import HSTSMiddleware

app = Application()

# Enable HSTS only outside of development environments
if not is_development():
    app.middlewares.append(HSTSMiddleware())
```
Considerations for local development
It is generally undesirable to enable HSTS during local development, since browsers get instructed to require HTTPS for all traffic on
This is why the example above configures the middleware only if the application is not running for development.
See Defining application environment for more information.
For more information
For more information on HTTP Strict Transport Security, it is recommended to refer to the developer.mozilla.org documentation.
Last modified on: 2023-04-17 19:20:50