We’re excited to announce the release of secure.py v1.0.0! This is a major update that completely redesigns the library with modern Python support and significant improvements in usability, security, and performance.
What's New:
-
Full API Overhaul: The entire library has been redesigned for Python 3.10+ with a more Pythonic API, leveraging type hints and modern language features like union operators (
|) andcached_property. -
Improved Framework Support: Enhanced integration for popular web frameworks like FastAPI, Flask, Django, Sanic, Starlette, and more, with improved support for asynchronous frameworks.
-
Middleware Examples: We've added middleware-based integration examples for supported frameworks, making it easier to apply security headers across your application.
-
Enhanced Security Defaults: Updated default security headers for stronger protection, including refined Content-Security-Policy (CSP) configurations with
nonceandstrict-dynamicdirectives. -
Better Type Annotations: The entire codebase now includes better type hints and annotations for an improved developer experience.
Breaking Changes:
-
API Redesign: The library has undergone a full API redesign, and some previous methods have been deprecated or refactored. Be sure to review the documentation before upgrading.
-
Python 3.10+ Required: This release drops support for older versions of Python. Ensure you are running Python 3.10 or later before upgrading.
Additional Updates:
- Server Header Handling: Improved handling for overriding
Serverheaders in Uvicorn-based frameworks, with examples on how to prevent default Uvicorn headers. - Expanded Documentation: Updated and more comprehensive documentation with examples for middleware and asynchronous header application.
We look forward to your feedback! 🚀