Skills
A skill is a package of structured files that teaches an AI coding agent how to work with a specific tool or framework. The skill below was generated by Great Docs from this project’s documentation. Install it in your agent and it will be able to run commands, edit configuration, write content, and troubleshoot problems without step-by-step guidance from you.
Any agent — install with npx:
npx skills add https://github.com/TypeError/secure/tree/main/docs/Codex / OpenCode
Tell the agent:
Fetch the skill file at https://github.com/TypeError/secure/tree/main/docs/skill.md and follow the instructions.Manual — download the skill file:
curl -O https://github.com/TypeError/secure/tree/main/docs/skill.mdOr browse the SKILL.md file.
SKILL.md
--- name: secure description: > A lightweight package that adds security headers for Python web frameworks. Use when writing Python code that uses the secure package. license: MIT compatibility: Requires Python >=3.10. --- # secure A lightweight package that adds security headers for Python web frameworks. ## Installation ```bash pip install secure ``` ## API overview ### Classes Main classes provided by the package - `Secure`: Configure and apply HTTP security headers for web applications ### Dataclasses Dataclass definitions - `CacheControl`: Fluent builder for the `Cache-Control` HTTP header - `ContentSecurityPolicy`: Fluent builder for the ``Content-Security-Policy`` HTTP response header - `CrossOriginEmbedderPolicy`: Builder for the ``Cross-Origin-Embedder-Policy`` (COEP) HTTP response header - `CrossOriginOpenerPolicy`: Builder for the ``Cross-Origin-Opener-Policy`` (COOP) HTTP response header - `CrossOriginResourcePolicy`: Builder for the ``Cross-Origin-Resource-Policy`` (CORP) HTTP response header - `CustomHeader`: Wrapper for an arbitrary HTTP header - `PermissionsPolicy`: Builder for the `Permissions-Policy` HTTP header - `ReferrerPolicy`: Builder for the ``Referrer-Policy`` HTTP response header - `Server`: Builder for the ``Server`` HTTP response header - `StrictTransportSecurity`: Builder for the ``Strict-Transport-Security`` (HSTS) HTTP response header - `XContentTypeOptions`: Builder for the `X-Content-Type-Options` HTTP header - `XDnsPrefetchControl`: Builder for the non-standard `X-DNS-Prefetch-Control` HTTP header - `XFrameOptions`: Builder for the `X-Frame-Options` HTTP response header - `XPermittedCrossDomainPolicies`: Builder for the `X-Permitted-Cross-Domain-Policies` HTTP response header ### StrictTransportSecurity Methods Methods for the StrictTransportSecurity class - `StrictTransportSecurity.header_value` - `StrictTransportSecurity.clear` - `StrictTransportSecurity.value` - `StrictTransportSecurity.max_age` - `StrictTransportSecurity.include_subdomains` - `StrictTransportSecurity.preload` ### Secure Methods Methods for the Secure class - `Secure.with_default_headers` - `Secure.from_preset` - `Secure.__str__` - `Secure.__repr__` - `Secure.validate_and_normalize_headers` - `Secure.deduplicate_headers` - `Secure.allowlist_headers` - `Secure.header_items` - `Secure.set_headers` - `Secure.set_headers_async` ### CacheControl Methods Methods for the CacheControl class - `CacheControl.value` - `CacheControl.set` - `CacheControl.clear` - `CacheControl.custom` - `CacheControl.immutable` - `CacheControl.max_age` - `CacheControl.max_stale` - `CacheControl.min_fresh` - `CacheControl.must_revalidate` - `CacheControl.must_understand` - `CacheControl.no_cache` - `CacheControl.no_store` - `CacheControl.no_transform` - `CacheControl.only_if_cached` - `CacheControl.private` - `CacheControl.proxy_revalidate` - `CacheControl.public` - `CacheControl.s_maxage` - `CacheControl.s_max_age` - `CacheControl.stale_if_error` - `CacheControl.stale_while_revalidate` ### ContentSecurityPolicy Methods Methods for the ContentSecurityPolicy class - `ContentSecurityPolicy.value` - `ContentSecurityPolicy.set` - `ContentSecurityPolicy.clear` - `ContentSecurityPolicy.report_only` - `ContentSecurityPolicy.enforce` - `ContentSecurityPolicy.custom` - `ContentSecurityPolicy.custom_directive` - `ContentSecurityPolicy.base_uri` - `ContentSecurityPolicy.block_all_mixed_content` - `ContentSecurityPolicy.child_src` - `ContentSecurityPolicy.connect_src` - `ContentSecurityPolicy.default_src` - `ContentSecurityPolicy.fenced_frame_src` - `ContentSecurityPolicy.font_src` - `ContentSecurityPolicy.form_action` - `ContentSecurityPolicy.frame_ancestors` - `ContentSecurityPolicy.frame_src` - `ContentSecurityPolicy.img_src` - `ContentSecurityPolicy.manifest_src` - `ContentSecurityPolicy.media_src` - `ContentSecurityPolicy.object_src` - `ContentSecurityPolicy.prefetch_src` - `ContentSecurityPolicy.report_to` - `ContentSecurityPolicy.report_uri` - `ContentSecurityPolicy.require_trusted_types_for` - `ContentSecurityPolicy.sandbox` - `ContentSecurityPolicy.script_src` - `ContentSecurityPolicy.script_src_attr` - `ContentSecurityPolicy.script_src_elem` - `ContentSecurityPolicy.style_src` - `ContentSecurityPolicy.style_src_attr` - `ContentSecurityPolicy.style_src_elem` - `ContentSecurityPolicy.trusted_types` - `ContentSecurityPolicy.upgrade_insecure_requests` - `ContentSecurityPolicy.worker_src` - `ContentSecurityPolicy.keyword` - `ContentSecurityPolicy.nonce` ### CrossOriginEmbedderPolicy Methods Methods for the CrossOriginEmbedderPolicy class - `CrossOriginEmbedderPolicy.set` - `CrossOriginEmbedderPolicy.value` - `CrossOriginEmbedderPolicy.clear` - `CrossOriginEmbedderPolicy.unsafe_none` - `CrossOriginEmbedderPolicy.require_corp` - `CrossOriginEmbedderPolicy.credentialless` ### CrossOriginOpenerPolicy Methods Methods for the CrossOriginOpenerPolicy class - `CrossOriginOpenerPolicy.value` - `CrossOriginOpenerPolicy.custom` - `CrossOriginOpenerPolicy.set` - `CrossOriginOpenerPolicy.clear` - `CrossOriginOpenerPolicy.unsafe_none` - `CrossOriginOpenerPolicy.same_origin_allow_popups` - `CrossOriginOpenerPolicy.same_origin` - `CrossOriginOpenerPolicy.noopener_allow_popups` ### CrossOriginResourcePolicy Methods Methods for the CrossOriginResourcePolicy class - `CrossOriginResourcePolicy.clear` - `CrossOriginResourcePolicy.value` - `CrossOriginResourcePolicy.set` - `CrossOriginResourcePolicy.same_origin` - `CrossOriginResourcePolicy.same_site` - `CrossOriginResourcePolicy.cross_origin` ### PermissionsPolicy Methods Methods for the PermissionsPolicy class - `PermissionsPolicy.value` - `PermissionsPolicy.set` - `PermissionsPolicy.clear` - `PermissionsPolicy.add_directive` - `PermissionsPolicy.directive` - `PermissionsPolicy.accelerometer` - `PermissionsPolicy.ambient_light_sensor` - `PermissionsPolicy.aria_notify` - `PermissionsPolicy.attribution_reporting` - `PermissionsPolicy.autoplay` - `PermissionsPolicy.bluetooth` - `PermissionsPolicy.browsing_topics` - `PermissionsPolicy.compute_pressure` - `PermissionsPolicy.cross_origin_isolated` - `PermissionsPolicy.fullscreen` - `PermissionsPolicy.gamepad` - `PermissionsPolicy.geolocation` - `PermissionsPolicy.gyroscope` - `PermissionsPolicy.hid` - `PermissionsPolicy.identity_credentials_get` - `PermissionsPolicy.idle_detection` - `PermissionsPolicy.local_fonts` - `PermissionsPolicy.magnetometer` - `PermissionsPolicy.microphone` - `PermissionsPolicy.on_device_speech_recognition` - `PermissionsPolicy.otp_credentials` - `PermissionsPolicy.publickey_credentials_create` - `PermissionsPolicy.publickey_credentials_get` - `PermissionsPolicy.serial` - `PermissionsPolicy.speaker_selection` - `PermissionsPolicy.storage_access` - `PermissionsPolicy.summarizer` - `PermissionsPolicy.translator` - `PermissionsPolicy.language_detector` - `PermissionsPolicy.usb` - `PermissionsPolicy.web_share` - `PermissionsPolicy.window_management` - `PermissionsPolicy.xr_spatial_tracking` - `PermissionsPolicy.battery` - `PermissionsPolicy.camera` - `PermissionsPolicy.clipboard_read` - `PermissionsPolicy.clipboard_write` - `PermissionsPolicy.display_capture` - `PermissionsPolicy.document_domain` - `PermissionsPolicy.encrypted_media` - `PermissionsPolicy.execution_while_not_rendered` - `PermissionsPolicy.execution_while_out_of_viewport` - `PermissionsPolicy.midi` - `PermissionsPolicy.navigation_override` - `PermissionsPolicy.payment` - `PermissionsPolicy.picture_in_picture` - `PermissionsPolicy.screen_wake_lock` - `PermissionsPolicy.sync_xhr` ### ReferrerPolicy Methods Methods for the ReferrerPolicy class - `ReferrerPolicy.add` - `ReferrerPolicy.set` - `ReferrerPolicy.value` - `ReferrerPolicy.custom` - `ReferrerPolicy.fallback` - `ReferrerPolicy.clear` - `ReferrerPolicy.no_referrer` - `ReferrerPolicy.no_referrer_when_downgrade` - `ReferrerPolicy.origin` - `ReferrerPolicy.origin_when_cross_origin` - `ReferrerPolicy.same_origin` - `ReferrerPolicy.strict_origin` - `ReferrerPolicy.strict_origin_when_cross_origin` - `ReferrerPolicy.unsafe_url` ### XDnsPrefetchControl Methods Methods for the XDnsPrefetchControl class - `XDnsPrefetchControl.clear` - `XDnsPrefetchControl.set` - `XDnsPrefetchControl.value` - `XDnsPrefetchControl.custom` - `XDnsPrefetchControl.on` - `XDnsPrefetchControl.off` - `XDnsPrefetchControl.allow` - `XDnsPrefetchControl.disable` ### XFrameOptions Methods Methods for the XFrameOptions class - `XFrameOptions.value` - `XFrameOptions.set` - `XFrameOptions.custom` - `XFrameOptions.clear` - `XFrameOptions.deny` - `XFrameOptions.sameorigin` - `XFrameOptions.allow_from` ### XPermittedCrossDomainPolicies Methods Methods for the XPermittedCrossDomainPolicies class - `XPermittedCrossDomainPolicies.clear` - `XPermittedCrossDomainPolicies.value` - `XPermittedCrossDomainPolicies.custom` - `XPermittedCrossDomainPolicies.set` - `XPermittedCrossDomainPolicies.policy` - `XPermittedCrossDomainPolicies.none` - `XPermittedCrossDomainPolicies.master_only` - `XPermittedCrossDomainPolicies.by_content_type` - `XPermittedCrossDomainPolicies.by_ftp_filename` - `XPermittedCrossDomainPolicies.all` - `XPermittedCrossDomainPolicies.none_this_response` ### Enumerations Enumeration types - `Preset`: Predefined security header presets for :class:`Secure` ## Resources - [Full documentation](https://github.com/TypeError/secure/tree/main/docs/) - [llms.txt](llms.txt) — Indexed API reference for LLMs - [llms-full.txt](llms-full.txt) — Comprehensive documentation for LLMs - [Source code](https://github.com/TypeError/secure)