v1.0.1 - Performance Improvements for Secure.set_headers

This release focuses on improving the performance of the Secure.set_headers method by reducing redundant type checks. The changes optimize the efficiency when setting multiple headers, especially in frameworks that support both synchronous and asynchronous methods.

Key updates in v1.0.1:

• Performance Improvement: Reduced redundant type checks in Secure.set_headers and Secure.set_headers_async. This optimizes the process by checking the response type once before looping through headers, enhancing performance for applications with multiple headers. #26
• New Tests: Added comprehensive tests to validate async and sync behavior for setting headers, ensuring compatibility across different frameworks.

Special Thanks

A big thank you to @davidwtbuxton for raising the issue and helping us improve the project.

How to Upgrade

To upgrade to v1.0.1, simply run:

pip install --upgrade secure

v1.0.0 – Full Redesign and Modernization of secure.py

We’re excited to announce the release of secure.py v1.0.0! This is a major update that completely redesigns the library with modern Python support and significant improvements in usability, security, and performance.

What's New:

• Full API Overhaul: The entire library has been redesigned for Python 3.10+ with a more Pythonic API, leveraging type hints and modern language features like union operators (|) and cached_property.

• Improved Framework Support: Enhanced integration for popular web frameworks like FastAPI, Flask, Django, Sanic, Starlette, and more, with improved support for asynchronous frameworks.

• Middleware Examples: We've added middleware-based integration examples for supported frameworks, making it easier to apply security headers across your application.

• Enhanced Security Defaults: Updated default security headers for stronger protection, including refined Content-Security-Policy (CSP) configurations with nonce and strict-dynamic directives.

• Better Type Annotations: The entire codebase now includes better type hints and annotations for an improved developer experience.

Breaking Changes:

• API Redesign: The library has undergone a full API redesign, and some previous methods have been deprecated or refactored. Be sure to review the documentation before upgrading.

• Python 3.10+ Required: This release drops support for older versions of Python. Ensure you are running Python 3.10 or later before upgrading.

Additional Updates:

• Server Header Handling: Improved handling for overriding Server headers in Uvicorn-based frameworks, with examples on how to prevent default Uvicorn headers.
• Expanded Documentation: Updated and more comprehensive documentation with examples for middleware and asynchronous header application.

We look forward to your feedback! 🚀

v0.3.0

Breaking Changes

Changelog:

• Full redesign of Secure API
• Removal of cookie support
• Add type hints
• Add support for FastAPI
• Change Feature-Policy to Permissions-Policy (#10)

v0.2.1

Merry Christmas! 🎅

• Add support for Masonite
• Remove trailing semicolon from Feature Policy
• Rename Feature.Values.All to Feature.Values.All_ (shadowed built-in name 'all')
• Modify hug implementation for SecureHeaders and SecureCookie
• Upper-case SameSite Enum (SameSite.LAX / SameSite.STRICT)
• Add SecureHeaders and SecureCookie docstrings

v0.2.0

• Add policy builder SecurePolicies (policies.py)
• Add Expires header for legacy browser support
• Add max-age directive to Cache-control header
• Rename XXS argument to XXP
• Use native Flask set-cookie