<p>Release notes from secure (https://github.com/TypeError/secure/releases), feed updated 2024-10-18T09:22:56Z</p>
<h1>v1.0.1 - Performance Improvements for Secure.set_headers</h1>
<p>Updated 2024-10-18T09:29:34Z</p>
<p>This release focuses on improving the performance of the <code>Secure.set_headers</code> method by reducing redundant type checks. The changes optimize the efficiency when setting multiple headers, especially in frameworks that support both synchronous and asynchronous methods.</p>
<h2>Key updates in v1.0.1:</h2>
<ul>
<li><strong>Performance Improvement</strong>: Reduced redundant type checks in <code>Secure.set_headers</code> and <code>Secure.set_headers_async</code>. This optimizes the process by checking the response type once before looping through headers, enhancing performance for applications with multiple headers. <a href="https://github.com/TypeError/secure/issues/26" data-hovercard-type="issue" data-hovercard-url="/TypeError/secure/issues/26/hovercard">#26</a></li>
<li><strong>New Tests</strong>: Added comprehensive tests to validate async and sync behavior for setting headers, ensuring compatibility across different frameworks.</li>
</ul>
<h2>Special Thanks</h2>
<p>A big thank you to <a href="https://github.com/davidwtbuxton">@davidwtbuxton</a> for raising the issue and helping us improve the project.</p>
<h2>How to Upgrade</h2>
<p>To upgrade to v1.0.1, simply run:</p>
<div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="pip install --upgrade secure"><pre>pip install --upgrade secure</pre></div>
<p>Author: cak</p>
<h1>v1.0.0 - Full Redesign and Modernization of secure.py</h1>
<p>Updated 2024-09-27T09:07:05Z</p>
<p>We're excited to announce the release of <code>secure.py</code> v1.0.0! This is a <strong>major update</strong> that completely redesigns the library with modern Python support and significant improvements in usability, security, and performance.</p>
<h4><strong>What's New:</strong></h4>
<ul>
<li>
<p><strong>Full API Overhaul:</strong> The entire library has been redesigned for Python 3.10+ with a more Pythonic API, leveraging type hints and modern language features like union operators (<code>|</code>) and <code>cached_property</code>.</p>
</li>
<li>
<p><strong>Improved Framework Support:</strong> Enhanced integration for popular web frameworks like <strong>FastAPI</strong>, <strong>Flask</strong>, <strong>Django</strong>, <strong>Sanic</strong>, <strong>Starlette</strong>, and more, with improved support for asynchronous frameworks.</p>
</li>
<li>
<p><strong>Middleware Examples:</strong> We've added middleware-based integration examples for supported frameworks, making it easier to apply security headers across your application.</p>
</li>
<li>
<p><strong>Enhanced Security Defaults:</strong> Updated default security headers for stronger protection, including refined <strong>Content-Security-Policy</strong> (CSP) configurations with <code>nonce</code> and <code>strict-dynamic</code> directives.</p>
</li>
<li>
<p><strong>Better Type Annotations:</strong> The entire codebase now includes better type hints and annotations for an improved developer experience.</p>
</li>
</ul>
<h4><strong>Breaking Changes:</strong></h4>
<ul>
<li>
<p><strong>API Redesign:</strong> The library has undergone a full API redesign, and some previous methods have been deprecated or refactored. Be sure to review the documentation before upgrading.</p>
</li>
<li>
<p><strong>Python 3.10+ Required:</strong> This release drops support for older versions of Python. Ensure you are running Python 3.10 or later before upgrading.</p>
</li>
</ul>
<h4><strong>Additional Updates:</strong></h4>
<ul>
<li><strong>Server Header Handling:</strong> Improved handling for overriding <code>Server</code> headers in Uvicorn-based frameworks, with examples on how to prevent default Uvicorn headers.</li>
<li><strong>Expanded Documentation:</strong> Updated and more comprehensive documentation with examples for middleware and asynchronous header application.</li>
</ul>
<p>We look forward to your feedback!</p>
<p>Author: cak</p>
<h1>v0.3.0</h1>
<p>Updated 2021-04-27T06:41:40Z</p>
<p><strong>Breaking Changes</strong></p>
<p>Changelog:</p>
<ul>
<li>Full redesign of Secure API</li>
<li>Removal of cookie support</li>
<li>Add type hints</li>
<li>Add support for <a href="https://fastapi.tiangolo.com" rel="nofollow">FastAPI</a></li>
<li>Change <code>Feature-Policy</code> to <code>Permissions-Policy</code> (#10)</li>
</ul>
<p>Author: cak</p>
<h1>v0.2.1</h1>
<p>Updated 2018-12-24T11:20:10Z</p>
<p>Merry Christmas!</p>
<ul>
<li>Add support for <a href="https://docs.masoniteproject.com" rel="nofollow">Masonite</a></li>
<li>Remove trailing semicolon from Feature Policy</li>
<li>Rename <code>Feature.Values.All</code> to <code>Feature.Values.All_</code> (shadowed built-in name 'all')</li>
<li>Modify hug implementation for SecureHeaders and SecureCookie</li>
<li>Upper-case SameSite Enum (<code>SameSite.LAX</code> / <code>SameSite.STRICT</code>)</li>
<li>Add SecureHeaders and SecureCookie docstrings</li>
</ul>
<p>Author: cak</p>
<h1>v0.2.0</h1>
<p>Updated 2018-12-16T13:05:11Z</p>
<ul>
<li>Add policy builder <code>SecurePolicies</code> (policies.py)</li>
<li>Add <code>Expires</code> header for legacy browser support</li>
<li>Add <code>max-age</code> directive to <code>Cache-control</code> header</li>
<li>Rename <code>XXS</code> argument to <code>XXP</code></li>
<li>Use native Flask set-cookie</li>
</ul>
<p>Author: cak</p>