{"id":8629,"library":"secweb","title":"Secweb: Security Middlewares for FastAPI and Starlette","description":"Secweb is a pack of security middlewares for FastAPI and Starlette servers, providing features like Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and many more. It aims to offer easily configurable security headers with minimal overhead, implementing recommendations from MDN and OWASP. The library is currently at version 1.30.10 and is actively maintained.","status":"active","version":"1.30.10","language":"en","source_language":"en","source_url":"https://github.com/tmotagam/Secweb.git","tags":["fastapi","security","middleware","starlette","csp","hsts","web-security"],"install":[{"cmd":"pip install secweb","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Requires Python 3.9 or higher for compatibility with recent updates and features.","package":"python","optional":false}],"imports":[{"note":"Main class that includes all security middlewares bundled together.","symbol":"SecWeb","correct":"from Secweb import SecWeb"},{"note":"Example of importing a single, specific security middleware.","symbol":"ContentSecurityPolicy","correct":"from Secweb import ContentSecurityPolicy"}],"quickstart":{"code":"import uvicorn\nfrom fastapi import FastAPI\nfrom Secweb import SecWeb\n\napp = FastAPI()\n\n# Initialize SecWeb to apply all default security headers.\n# Custom options can be passed via the 'Option' dictionary parameter.\nSecWeb(app=app)\n\n@app.get(\"/\")\nasync def read_root():\n    return {\"message\": \"Hello, secured World!\"}\n\n# To run this example:\n# 1. Save as a Python file (e.g., main.py)\n# 2. Run from your terminal: uvicorn main:app --reload\n# Check browser developer tools for applied security headers.","lang":"python","description":"This quickstart demonstrates how to integrate `Secweb` with a FastAPI application. By initializing `SecWeb` with your FastAPI app, all default security headers are automatically applied, enhancing the application's security posture. To test, run the app and inspect the HTTP response headers."},"warnings":[{"fix":"Upgrade your Python environment to 3.9 or later. Consider using a virtual environment (e.g., `python3.9 -m venv .venv`).","message":"Secweb now requires Python 3.9 or higher. Older Python versions will not be supported with recent releases.","severity":"breaking","affected_versions":">=1.25.2"},{"fix":"To customize or disable specific headers, pass an `Option` dictionary to `SecWeb` with boolean flags or policy definitions (e.g., `SecWeb(app=app, Option={'Content-Security-Policy': {'default-src': \"'self'\"}})`).","message":"When initializing `SecWeb(app=app)`, all 16 security headers are enabled by default with their preset values. Users expecting a minimal set of headers or custom policies must explicitly define them using the `Option` parameter.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Decide whether you need a comprehensive set of default headers (`SecWeb`) or fine-grained control over a few specific ones. If using individual middlewares, ensure all necessary security headers are separately configured.","message":"Using individual middleware classes (e.g., `ContentSecurityPolicy`) instead of the combined `SecWeb` class will only activate those specific headers. Other security headers will remain deactivated unless explicitly added.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Consult the latest Secweb documentation or GitHub README for the correct `Option` dictionary structure and key names for each security header in your installed version.","message":"Some `Option` dictionary parameter keys for specific headers (e.g., `COEP`, `COOP`, `CORP`, `Referrer`) have changed across versions. While the library claims backward compatibility, existing configurations might need updates to reflect new key names or structures.","severity":"gotcha","affected_versions":">=1.25.2"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Ensure `secweb` is installed by running `pip install secweb` and that you are using the correct Python environment where it was installed.","cause":"The `secweb` package is not installed in the current Python environment or the environment is not active.","error":"ModuleNotFoundError: No module named 'Secweb'"},{"fix":"Verify the `Option` dictionary keys against the official Secweb documentation or source code for your specific version to ensure they are correct and up-to-date.","cause":"An invalid key was used in the `Option` dictionary passed to `SecWeb`, possibly due to a typo or a deprecated parameter name.","error":"KeyError: 'Some-Policy-Key-That-DoesNotExist'"},{"fix":"Ensure `SecWeb(app=app)` is called early in your application's setup, typically right after initializing `FastAPI()` or `Starlette()`, to give it precedence over other middlewares. Double-check your `Option` dictionary for typos or incorrect values.","cause":"This can be caused by the order of middlewares in your FastAPI/Starlette application, where another middleware might be overwriting Secweb's headers. Alternatively, a misconfiguration in the `Option` dictionary might prevent headers from being set as expected.","error":"Security headers are not being applied or are incorrect in the response."}]}