HSTSPolicy

class HSTSPolicy(**kwargs)

HSTSPolicy implements HTTP policies, as described by RFC 6797.

domain represents the host that this policy applies to. The domain must be IDNA-canonicalized. new and related methods will do this for you.

max_age contains the ‘max-age’ value from the Strict Transport Security header and indicates the time to live of this policy, in seconds.

expires will be non-None if the policy has been set by the host and hence has an expiry time. If expires is None, it indicates that the policy is a permanent session policy set by the user agent.

If include_subdomains is True, the Strict Transport Security policy must also be enforced on subdomains of domain.

Constructors

class HSTSPolicy

classmethod new(domain: str, max_age: int, include_subdomains: bool) → HSTSPolicy

Creates a new HSTSPolicy with the given attributes.

domain is a domain on which the strict transport security policy represented by this object must be enforced.

max_age is used to set the “expires” attribute on the policy; pass HSTS_POLICY_MAX_AGE_PAST for an already-expired policy, or a lifetime in seconds.

If include_subdomains is True, the strict transport security policy must also be enforced on all subdomains of domain.

Parameters:

• domain – policy domain or hostname

• max_age – max age of the policy

• include_subdomains – True if the policy applies on subdomains

classmethod new_from_response(msg: Message) → HSTSPolicy | None

Parses msg’s first “Strict-Transport-Security” response header and returns a HSTSPolicy.

Parameters:

msg – a Message

classmethod new_full(domain: str, max_age: int, expires: DateTime, include_subdomains: bool) → HSTSPolicy

Full version of new, to use with an existing expiration date.

See new for details.

Parameters:

• domain – policy domain or hostname

• max_age – max age of the policy

• expires – the date of expiration of the policy or None for a permanent policy

• include_subdomains – True if the policy applies on subdomains

classmethod new_session_policy(domain: str, include_subdomains: bool) → HSTSPolicy

Creates a new session HSTSPolicy with the given attributes.

A session policy is a policy that is valid during the lifetime of the HSTSEnforcer it is added to. Contrary to regular policies, it has no expiration date and is not stored in persistent enforcers. These policies are useful for user-agent to load their own or user-defined rules.

domain is a domain on which the strict transport security policy represented by this object must be enforced.

If include_subdomains is True, the strict transport security policy must also be enforced on all subdomains of domain.

Parameters:

• domain – policy domain or hostname

• include_subdomains – True if the policy applies on sub domains

Methods

class HSTSPolicy

equal(policy2: HSTSPolicy) → bool

Tests if policy1 and policy2 are equal.

Parameters:

policy2 – a HSTSPolicy

free() → None

Frees policy.

get_domain() → str

Gets policy’s domain.

get_expires() → DateTime

Returns the expiration date for policy.

get_max_age() → int

Returns the max age for policy.

includes_subdomains() → bool

Gets whether policy include its subdomains.

is_expired() → bool

Gets whether policy is expired.

Permanent policies never expire.

is_session_policy() → bool

Gets whether policy is a non-permanent, non-expirable session policy.

See new_session_policy for details.