summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCoprDistGit <infra@openeuler.org>2023-05-10 04:10:20 +0000
committerCoprDistGit <infra@openeuler.org>2023-05-10 04:10:20 +0000
commitd8d5f53c13cf1bfa75df170b522d1aefe52d9a57 (patch)
treece8320ef00b138295bae0882e7e9bd15ab80654b
parent025e570b562ad04881b59b77d5b348088554ad04 (diff)
automatic import of python-django-securityopeneuler20.03
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--python-django-security.spec636
-rw-r--r--sources1
3 files changed, 638 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..16d726d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/django-security-0.12.0.tar.gz
diff --git a/python-django-security.spec b/python-django-security.spec
new file mode 100644
index 0000000..97d02b9
--- /dev/null
+++ b/python-django-security.spec
@@ -0,0 +1,636 @@
+%global _empty_manifest_terminate_build 0
+Name: python-django-security
+Version: 0.12.0
+Release: 1
+Summary: A collection of tools to help secure a Django project.
+License: BSD License
+URL: https://github.com/sdelements/django-security
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/ee/4e/cd1ee5f8005d87b47d2e9313aed8ed700d1ffcdc24b52a57ac4a1a5971d4/django-security-0.12.0.tar.gz
+BuildArch: noarch
+
+
+%description
+# Django-Security
+
+[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security)
+
+This package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications.
+
+# Full documentation
+
+Automatically generated documentation of `django-security` is available on Read The Docs:
+
+* [Django-security documentation](http://django-security.readthedocs.org/en/latest/)
+
+# Requirements
+
+* Python >= 3.6
+* Django >= 1.11
+
+For Django < 1.8 use django-security==0.9.4. For Django < 1.11 use django-security==0.11.3.
+
+Note: For versions prior to 0.10.0, `datetime` objects were being added to the session and required Django's PickleSerializer for (de)serializing. This has now been changed so that the strings of these `datetime`s are being stored instead. If you are still using PickleSerializer for this reason, we suggest switching to Django's default JSONSerializer (default since Django 1.6) for better security.
+
+
+# Installation
+
+Install from Python packages repository:
+
+ pip install django-security
+
+If you prefer the latest development version, install from
+[django-security](https://github.com/sdelements/django-security) repository on GitHub:
+
+ git clone https://github.com/sdelements/django-security.git
+ cd django-security
+ sudo python setup.py install
+
+Adding to Django application's `settings.py` file:
+
+ INSTALLED_APPS = (
+ ...
+ 'security',
+ ...
+ )
+
+Pre-Django 1.10, middleware modules can be added to `MIDDLEWARE_CLASSES` list in settings file:
+
+ MIDDLEWARE_CLASSES = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+After Django 1.10, middleware modules can be added to `MIDDLEWARE` list in settings file:
+
+ MIDDLEWARE = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+
+
+Unlike the modules listed above, some other modules **require** configuration settings,
+fully described in [django-security documentation](http://django-security.readthedocs.org/en/latest/).
+Brief description is provided below.
+
+## Middleware
+
+Provided middleware modules will modify web application's output and input and in most cases requires no
+or minimum configuration.
+
+<table>
+<tr>
+<th>Middleware
+<th>Description
+<th>Configuration
+</tr>
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ClearSiteDataMiddleware">ClearSiteDataMiddleware</a>
+<td>Send Clear-Site-Data header in HTTP response for any page that has been whitelisted. <em>Recommended</em>.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ContentNoSniff">ContentNoSniff</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_CONTENT_TYPE_NOSNIFF</i> setting.<br/>Disable possibly insecure autodetection of MIME types in browsers. <em>Recommended.</em>
+<td>None.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ContentSecurityPolicyMiddleware">ContentSecurityPolicyMiddleware</a>
+<td>Send Content Security Policy (CSP) header in HTTP response. <em>Recommended,</em> requires careful tuning.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.DoNotTrackMiddleware">DoNotTrackMiddleware</a>
+<td>Read user browser's DoNotTrack preference and pass it to application. <em>Recommended,</em> requires implementation in views and templates.
+<td>None.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.LoginRequiredMiddleware">LoginRequiredMiddleware</a>
+<td>Requires a user to be authenticated to view any page on the site that hasn't been white listed.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.MandatoryPasswordChangeMiddleware">MandatoryPasswordChangeMiddleware</a>
+<td>Redirects any request from an authenticated user to the password change form if that user's password has expired.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.NoConfidentialCachingMiddleware">NoConfidentialCachingMiddleware</a>
+<td>Adds No-Cache and No-Store headers to confidential pages.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.P3PPolicyMiddleware">P3PPolicyMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases.<br/>Adds the HTTP header attribute specifying compact P3P policy.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.SessionExpiryPolicyMiddleware">SessionExpiryPolicyMiddleware</a>
+<td>Expire sessions on browser close, and on expiry times stored in the cookie itself.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.StrictTransportSecurityMiddleware">StrictTransportSecurityMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_HSTS_SECONDS</i>, <i>SECURE_HSTS_INCLUDE_SUBDOMAINS</i> and <i>SECURE_HSTS_PRELOAD</i> settings.<br/>Enforce SSL/TLS connection and disable plaintext fall-back. <em>Recommended</em> for SSL/TLS sites.
+<td>Optional.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.XFrameOptionsMiddleware">XFrameOptionsMiddleware</a>
+<td>Disable framing of the website, mitigating Clickjacking attacks. <em>Recommended.</em>
+<td>Optional.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.XssProtectMiddleware">XssProtectMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_BROWSER_XSS_FILTER</i> setting.<br/>Enforce browser's Cross Site Scripting protection. <em>Recommended.</em>
+<td>None.
+
+</table>
+
+## Views
+
+`csp_report`
+
+View that allows reception of Content Security Policy violation reports sent by browsers in response
+to CSP header set by ``ContentSecurityPolicyMiddleware`. This should be used only if long term, continuous CSP report
+analysis is required. For one time CSP setup [CspBuilder](http://cspbuilder.info/) is much simpler.
+
+This view can be configured to either log received reports or store them in database.
+See [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details.
+
+`require_ajax`
+
+A view decorator which ensures that the request being processed by view is an AJAX request. Example usage:
+
+ @require_ajax
+ def myview(request):
+ ...
+
+## Models
+
+`CspReport`
+
+Content Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and `csp_report` view are used.
+With this model, the reports can be then analysed in Django admin site.
+
+`PasswordExpiry`
+
+Associate a password expiry date with a user.
+
+## Logging
+
+All `django-security` modules send important log messages to `security` facility. The application should configure a handler to receive them:
+
+ LOGGING = {
+ ...
+ 'loggers': {
+ 'security': {
+ 'handlers': ['console',],
+ 'level': 'INFO',
+ 'propagate': False,
+ 'formatter': 'verbose',
+ },
+ },
+ ...
+ }
+
+%package -n python3-django-security
+Summary: A collection of tools to help secure a Django project.
+Provides: python-django-security
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-django-security
+# Django-Security
+
+[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security)
+
+This package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications.
+
+# Full documentation
+
+Automatically generated documentation of `django-security` is available on Read The Docs:
+
+* [Django-security documentation](http://django-security.readthedocs.org/en/latest/)
+
+# Requirements
+
+* Python >= 3.6
+* Django >= 1.11
+
+For Django < 1.8 use django-security==0.9.4. For Django < 1.11 use django-security==0.11.3.
+
+Note: For versions prior to 0.10.0, `datetime` objects were being added to the session and required Django's PickleSerializer for (de)serializing. This has now been changed so that the strings of these `datetime`s are being stored instead. If you are still using PickleSerializer for this reason, we suggest switching to Django's default JSONSerializer (default since Django 1.6) for better security.
+
+
+# Installation
+
+Install from Python packages repository:
+
+ pip install django-security
+
+If you prefer the latest development version, install from
+[django-security](https://github.com/sdelements/django-security) repository on GitHub:
+
+ git clone https://github.com/sdelements/django-security.git
+ cd django-security
+ sudo python setup.py install
+
+Adding to Django application's `settings.py` file:
+
+ INSTALLED_APPS = (
+ ...
+ 'security',
+ ...
+ )
+
+Pre-Django 1.10, middleware modules can be added to `MIDDLEWARE_CLASSES` list in settings file:
+
+ MIDDLEWARE_CLASSES = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+After Django 1.10, middleware modules can be added to `MIDDLEWARE` list in settings file:
+
+ MIDDLEWARE = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+
+
+Unlike the modules listed above, some other modules **require** configuration settings,
+fully described in [django-security documentation](http://django-security.readthedocs.org/en/latest/).
+Brief description is provided below.
+
+## Middleware
+
+Provided middleware modules will modify web application's output and input and in most cases requires no
+or minimum configuration.
+
+<table>
+<tr>
+<th>Middleware
+<th>Description
+<th>Configuration
+</tr>
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ClearSiteDataMiddleware">ClearSiteDataMiddleware</a>
+<td>Send Clear-Site-Data header in HTTP response for any page that has been whitelisted. <em>Recommended</em>.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ContentNoSniff">ContentNoSniff</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_CONTENT_TYPE_NOSNIFF</i> setting.<br/>Disable possibly insecure autodetection of MIME types in browsers. <em>Recommended.</em>
+<td>None.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ContentSecurityPolicyMiddleware">ContentSecurityPolicyMiddleware</a>
+<td>Send Content Security Policy (CSP) header in HTTP response. <em>Recommended,</em> requires careful tuning.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.DoNotTrackMiddleware">DoNotTrackMiddleware</a>
+<td>Read user browser's DoNotTrack preference and pass it to application. <em>Recommended,</em> requires implementation in views and templates.
+<td>None.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.LoginRequiredMiddleware">LoginRequiredMiddleware</a>
+<td>Requires a user to be authenticated to view any page on the site that hasn't been white listed.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.MandatoryPasswordChangeMiddleware">MandatoryPasswordChangeMiddleware</a>
+<td>Redirects any request from an authenticated user to the password change form if that user's password has expired.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.NoConfidentialCachingMiddleware">NoConfidentialCachingMiddleware</a>
+<td>Adds No-Cache and No-Store headers to confidential pages.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.P3PPolicyMiddleware">P3PPolicyMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases.<br/>Adds the HTTP header attribute specifying compact P3P policy.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.SessionExpiryPolicyMiddleware">SessionExpiryPolicyMiddleware</a>
+<td>Expire sessions on browser close, and on expiry times stored in the cookie itself.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.StrictTransportSecurityMiddleware">StrictTransportSecurityMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_HSTS_SECONDS</i>, <i>SECURE_HSTS_INCLUDE_SUBDOMAINS</i> and <i>SECURE_HSTS_PRELOAD</i> settings.<br/>Enforce SSL/TLS connection and disable plaintext fall-back. <em>Recommended</em> for SSL/TLS sites.
+<td>Optional.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.XFrameOptionsMiddleware">XFrameOptionsMiddleware</a>
+<td>Disable framing of the website, mitigating Clickjacking attacks. <em>Recommended.</em>
+<td>Optional.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.XssProtectMiddleware">XssProtectMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_BROWSER_XSS_FILTER</i> setting.<br/>Enforce browser's Cross Site Scripting protection. <em>Recommended.</em>
+<td>None.
+
+</table>
+
+## Views
+
+`csp_report`
+
+View that allows reception of Content Security Policy violation reports sent by browsers in response
+to CSP header set by ``ContentSecurityPolicyMiddleware`. This should be used only if long term, continuous CSP report
+analysis is required. For one time CSP setup [CspBuilder](http://cspbuilder.info/) is much simpler.
+
+This view can be configured to either log received reports or store them in database.
+See [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details.
+
+`require_ajax`
+
+A view decorator which ensures that the request being processed by view is an AJAX request. Example usage:
+
+ @require_ajax
+ def myview(request):
+ ...
+
+## Models
+
+`CspReport`
+
+Content Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and `csp_report` view are used.
+With this model, the reports can be then analysed in Django admin site.
+
+`PasswordExpiry`
+
+Associate a password expiry date with a user.
+
+## Logging
+
+All `django-security` modules send important log messages to `security` facility. The application should configure a handler to receive them:
+
+ LOGGING = {
+ ...
+ 'loggers': {
+ 'security': {
+ 'handlers': ['console',],
+ 'level': 'INFO',
+ 'propagate': False,
+ 'formatter': 'verbose',
+ },
+ },
+ ...
+ }
+
+%package help
+Summary: Development documents and examples for django-security
+Provides: python3-django-security-doc
+%description help
+# Django-Security
+
+[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security)
+
+This package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications.
+
+# Full documentation
+
+Automatically generated documentation of `django-security` is available on Read The Docs:
+
+* [Django-security documentation](http://django-security.readthedocs.org/en/latest/)
+
+# Requirements
+
+* Python >= 3.6
+* Django >= 1.11
+
+For Django < 1.8 use django-security==0.9.4. For Django < 1.11 use django-security==0.11.3.
+
+Note: For versions prior to 0.10.0, `datetime` objects were being added to the session and required Django's PickleSerializer for (de)serializing. This has now been changed so that the strings of these `datetime`s are being stored instead. If you are still using PickleSerializer for this reason, we suggest switching to Django's default JSONSerializer (default since Django 1.6) for better security.
+
+
+# Installation
+
+Install from Python packages repository:
+
+ pip install django-security
+
+If you prefer the latest development version, install from
+[django-security](https://github.com/sdelements/django-security) repository on GitHub:
+
+ git clone https://github.com/sdelements/django-security.git
+ cd django-security
+ sudo python setup.py install
+
+Adding to Django application's `settings.py` file:
+
+ INSTALLED_APPS = (
+ ...
+ 'security',
+ ...
+ )
+
+Pre-Django 1.10, middleware modules can be added to `MIDDLEWARE_CLASSES` list in settings file:
+
+ MIDDLEWARE_CLASSES = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+After Django 1.10, middleware modules can be added to `MIDDLEWARE` list in settings file:
+
+ MIDDLEWARE = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+
+
+Unlike the modules listed above, some other modules **require** configuration settings,
+fully described in [django-security documentation](http://django-security.readthedocs.org/en/latest/).
+Brief description is provided below.
+
+## Middleware
+
+Provided middleware modules will modify web application's output and input and in most cases requires no
+or minimum configuration.
+
+<table>
+<tr>
+<th>Middleware
+<th>Description
+<th>Configuration
+</tr>
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ClearSiteDataMiddleware">ClearSiteDataMiddleware</a>
+<td>Send Clear-Site-Data header in HTTP response for any page that has been whitelisted. <em>Recommended</em>.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ContentNoSniff">ContentNoSniff</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_CONTENT_TYPE_NOSNIFF</i> setting.<br/>Disable possibly insecure autodetection of MIME types in browsers. <em>Recommended.</em>
+<td>None.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.ContentSecurityPolicyMiddleware">ContentSecurityPolicyMiddleware</a>
+<td>Send Content Security Policy (CSP) header in HTTP response. <em>Recommended,</em> requires careful tuning.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.DoNotTrackMiddleware">DoNotTrackMiddleware</a>
+<td>Read user browser's DoNotTrack preference and pass it to application. <em>Recommended,</em> requires implementation in views and templates.
+<td>None.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.LoginRequiredMiddleware">LoginRequiredMiddleware</a>
+<td>Requires a user to be authenticated to view any page on the site that hasn't been white listed.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.MandatoryPasswordChangeMiddleware">MandatoryPasswordChangeMiddleware</a>
+<td>Redirects any request from an authenticated user to the password change form if that user's password has expired.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.NoConfidentialCachingMiddleware">NoConfidentialCachingMiddleware</a>
+<td>Adds No-Cache and No-Store headers to confidential pages.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.P3PPolicyMiddleware">P3PPolicyMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases.<br/>Adds the HTTP header attribute specifying compact P3P policy.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.SessionExpiryPolicyMiddleware">SessionExpiryPolicyMiddleware</a>
+<td>Expire sessions on browser close, and on expiry times stored in the cookie itself.
+<td>Required.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.StrictTransportSecurityMiddleware">StrictTransportSecurityMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_HSTS_SECONDS</i>, <i>SECURE_HSTS_INCLUDE_SUBDOMAINS</i> and <i>SECURE_HSTS_PRELOAD</i> settings.<br/>Enforce SSL/TLS connection and disable plaintext fall-back. <em>Recommended</em> for SSL/TLS sites.
+<td>Optional.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.XFrameOptionsMiddleware">XFrameOptionsMiddleware</a>
+<td>Disable framing of the website, mitigating Clickjacking attacks. <em>Recommended.</em>
+<td>Optional.
+
+<tr>
+<td><a href="http://django-security.readthedocs.org/en/latest/#security.middleware.XssProtectMiddleware">XssProtectMiddleware</a>
+<td><b>DEPRECATED: </b>Will be removed in future releases, consider <a href="https://docs.djangoproject.com/en/1.11/ref/middleware/#django.middleware.security.SecurityMiddleware">django.middleware.security.SecurityMiddleware</a> via <i>SECURE_BROWSER_XSS_FILTER</i> setting.<br/>Enforce browser's Cross Site Scripting protection. <em>Recommended.</em>
+<td>None.
+
+</table>
+
+## Views
+
+`csp_report`
+
+View that allows reception of Content Security Policy violation reports sent by browsers in response
+to CSP header set by ``ContentSecurityPolicyMiddleware`. This should be used only if long term, continuous CSP report
+analysis is required. For one time CSP setup [CspBuilder](http://cspbuilder.info/) is much simpler.
+
+This view can be configured to either log received reports or store them in database.
+See [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details.
+
+`require_ajax`
+
+A view decorator which ensures that the request being processed by view is an AJAX request. Example usage:
+
+ @require_ajax
+ def myview(request):
+ ...
+
+## Models
+
+`CspReport`
+
+Content Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and `csp_report` view are used.
+With this model, the reports can be then analysed in Django admin site.
+
+`PasswordExpiry`
+
+Associate a password expiry date with a user.
+
+## Logging
+
+All `django-security` modules send important log messages to `security` facility. The application should configure a handler to receive them:
+
+ LOGGING = {
+ ...
+ 'loggers': {
+ 'security': {
+ 'handlers': ['console',],
+ 'level': 'INFO',
+ 'propagate': False,
+ 'formatter': 'verbose',
+ },
+ },
+ ...
+ }
+
+%prep
+%autosetup -n django-security-0.12.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-django-security -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Wed May 10 2023 Python_Bot <Python_Bot@openeuler.org> - 0.12.0-1
+- Package Spec generated
diff --git a/sources b/sources
new file mode 100644
index 0000000..c937e98
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+e7eed35d490a00eb626400fb0795cda9 django-security-0.12.0.tar.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-25 03:45:45 +0000