The falcon-require-https package provides a middleware component
for sanity-checking that the incoming request was received over
HTTPS. While the web server is primarily responsibile for enforcing the
HTTPS protocol, misconfiguration is still a leading cause of security
vulnerabilities, and so it can be helpful to perform certain additional
checks, such as this one, within the application layer itself.
$ pip install falcon-require-httpsThe RequireHTTPS middleware class verifies each incoming request. To use
it, simply pass an instance to the falcon.API() initializer:
from falcon_require_https import RequireHTTPS
app = falcon.API(middleware=[RequireHTTPS()])At least one of the following sources must indicate the use of HTTPS:
- The schema of the requested URL
- The X-Forwarded-Proto header
- The Forwarded header (only the first hop is checked)
Otherwise, an instance of falcon.HTTPBadRequest is raised.
This middleware is not meant to replace proper security controls in your web server or load balancer. It is simply meant as a final backstop to guard against inadvertent misconfiguration at the networking layer.
This middleware component is based on paul291's original proof of concept, which was originally submitted as a PR to the falconry/falcon repo.
Falcon is a bare-metal Python web framework for building lean and mean cloud APIs and app backends. It encourages the REST architectural style, and tries to do as little as possible while remaining highly effective.
