The falcon-require-https package provides a middleware component for sanity-checking that the incoming request was received over HTTPS. While the web server is primarily responsibile for enforcing the HTTPS protocol, misconfiguration is still a leading cause of security vulnerabilities, and so it can be helpful to perform certain additional checks, such as this one, within the application layer itself.
$ pip install falcon-require-httpsThe RequireHTTPS middleware class verifies each incoming request. To use it, simply pass an instance to the falcon.API() initializer:
from falcon_require_https import RequireHTTPS
app = falcon.API(middleware=[RequireHTTPS()])At least one of the following sources must indicate the use of HTTPS:
- The schema of the requested URL
- The X-Forwarded-Proto header
- The Forwarded header (only the first hop is checked)
Otherwise, an instance of falcon.HTTPBadRequest is raised.
This middleware is not meant to replace proper security controls in your web server or load balancer. It is simply meant as a final backstop to guard against inadvertent misconfiguration at the networking layer.
This middleware component is based on paul291's original proof of concept, which was originally submitted as a PR to the falconry/falcon repo.
Falcon is a bare-metal Python web framework for building lean and mean cloud APIs and app backends. It encourages the REST architectural style, and tries to do as little as possible while remaining highly effective.