| -rw-r--r-- | .gitignore | 1 |
| -rw-r--r-- | python-flask-talisman.spec | 186 |
| -rw-r--r-- | sources | 1 |
3 files changed, 188 insertions, 0 deletions
@@ -0,0 +1 @@ +/flask-talisman-1.0.0.tar.gz diff --git a/python-flask-talisman.spec b/python-flask-talisman.spec new file mode 100644 index 0000000..9f0bbea --- /dev/null +++ b/python-flask-talisman.spec 
@@ -0,0 +1,186 @@ +%global _empty_manifest_terminate_build 0 +Name: python-flask-talisman +Version: 1.0.0 +Release: 1 +Summary: HTTP security headers for Flask. +License: Apache Software License +URL: https://github.com/wntrblm/flask-talisman +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/91/3b/9f2636055f0f238e29a551fdf0bd590dc86f9f1a76f5d8b9f0d20185e381/flask-talisman-1.0.0.tar.gz +BuildArch: noarch + + +%description +|PyPI Version| +Talisman is a small Flask extension that handles setting HTTP headers +that can help protect against a few common web application security +issues. +The default configuration: +- Forces all connects to ``https``, unless running with debug enabled. +- Enables `HTTP Strict Transport + Security <https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security>`_. +- Sets Flask's session cookie to ``secure``, so it will never be set if + your application is somehow accessed via a non-secure connection. +- Sets Flask's session cookie to ``httponly``, preventing JavaScript + from being able to access its content. CSRF via Ajax uses a separate + cookie and should be unaffected. +- Sets Flask's session cookie to ``Lax``, preventing the cookie to be leaked + in CSRF-prone request methods. +- Sets + `X-Frame-Options <https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options>`_ + to ``SAMEORIGIN`` to avoid + `clickjacking <https://en.wikipedia.org/wiki/Clickjacking>`_. +- Sets `X-XSS-Protection + <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection>`_ + to enable a cross site scripting filter for IE and Safari (note Chrome has + removed this and Firefox never supported it). +- Sets `X-Content-Type-Options + <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options>`_ + to prevent content type sniffing. 
+- Sets a strict `Content Security + Policy <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy>`__ + of ``default-src: 'self', 'object-src': 'none'``. This is intended to almost completely + prevent Cross Site Scripting (XSS) attacks. This is probably the only + setting that you should reasonably change. See the + `Content Security Policy`_ section. +- Sets a strict `Referrer-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy>`_ + of ``strict-origin-when-cross-origin`` that governs which referrer information should be included with + requests made. +In addition to Talisman, you **should always use a cross-site request +forgery (CSRF) library**. It's highly recommended to use +`Flask-SeaSurf <https://flask-seasurf.readthedocs.org/en/latest/>`_, +which is based on Django's excellent library. + +%package -n python3-flask-talisman +Summary: HTTP security headers for Flask. +Provides: python-flask-talisman +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-flask-talisman +|PyPI Version| +Talisman is a small Flask extension that handles setting HTTP headers +that can help protect against a few common web application security +issues. +The default configuration: +- Forces all connects to ``https``, unless running with debug enabled. +- Enables `HTTP Strict Transport + Security <https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security>`_. +- Sets Flask's session cookie to ``secure``, so it will never be set if + your application is somehow accessed via a non-secure connection. +- Sets Flask's session cookie to ``httponly``, preventing JavaScript + from being able to access its content. CSRF via Ajax uses a separate + cookie and should be unaffected. +- Sets Flask's session cookie to ``Lax``, preventing the cookie to be leaked + in CSRF-prone request methods. 
+- Sets + `X-Frame-Options <https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options>`_ + to ``SAMEORIGIN`` to avoid + `clickjacking <https://en.wikipedia.org/wiki/Clickjacking>`_. +- Sets `X-XSS-Protection + <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection>`_ + to enable a cross site scripting filter for IE and Safari (note Chrome has + removed this and Firefox never supported it). +- Sets `X-Content-Type-Options + <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options>`_ + to prevent content type sniffing. +- Sets a strict `Content Security + Policy <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy>`__ + of ``default-src: 'self', 'object-src': 'none'``. This is intended to almost completely + prevent Cross Site Scripting (XSS) attacks. This is probably the only + setting that you should reasonably change. See the + `Content Security Policy`_ section. +- Sets a strict `Referrer-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy>`_ + of ``strict-origin-when-cross-origin`` that governs which referrer information should be included with + requests made. +In addition to Talisman, you **should always use a cross-site request +forgery (CSRF) library**. It's highly recommended to use +`Flask-SeaSurf <https://flask-seasurf.readthedocs.org/en/latest/>`_, +which is based on Django's excellent library. + +%package help +Summary: Development documents and examples for flask-talisman +Provides: python3-flask-talisman-doc +%description help +|PyPI Version| +Talisman is a small Flask extension that handles setting HTTP headers +that can help protect against a few common web application security +issues. +The default configuration: +- Forces all connects to ``https``, unless running with debug enabled. +- Enables `HTTP Strict Transport + Security <https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security>`_. 
+- Sets Flask's session cookie to ``secure``, so it will never be set if + your application is somehow accessed via a non-secure connection. +- Sets Flask's session cookie to ``httponly``, preventing JavaScript + from being able to access its content. CSRF via Ajax uses a separate + cookie and should be unaffected. +- Sets Flask's session cookie to ``Lax``, preventing the cookie to be leaked + in CSRF-prone request methods. +- Sets + `X-Frame-Options <https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options>`_ + to ``SAMEORIGIN`` to avoid + `clickjacking <https://en.wikipedia.org/wiki/Clickjacking>`_. +- Sets `X-XSS-Protection + <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection>`_ + to enable a cross site scripting filter for IE and Safari (note Chrome has + removed this and Firefox never supported it). +- Sets `X-Content-Type-Options + <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options>`_ + to prevent content type sniffing. +- Sets a strict `Content Security + Policy <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy>`__ + of ``default-src: 'self', 'object-src': 'none'``. This is intended to almost completely + prevent Cross Site Scripting (XSS) attacks. This is probably the only + setting that you should reasonably change. See the + `Content Security Policy`_ section. +- Sets a strict `Referrer-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy>`_ + of ``strict-origin-when-cross-origin`` that governs which referrer information should be included with + requests made. +In addition to Talisman, you **should always use a cross-site request +forgery (CSRF) library**. It's highly recommended to use +`Flask-SeaSurf <https://flask-seasurf.readthedocs.org/en/latest/>`_, +which is based on Django's excellent library. 
+ +%prep +%autosetup -n flask-talisman-1.0.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-flask-talisman -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Mon Apr 10 2023 Python_Bot <Python_Bot@openeuler.org> - 1.0.0-1 +- Package Spec generated @@ -0,0 +1 @@ +ee85512ce589bb077ed7c15e819aefa0 flask-talisman-1.0.0.tar.gz |
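Review bot: Source0 in python-flask-talisman.spec pulls flask-talisman-1.0.0.tar.gz from mirrors.nju.edu.cn instead of the upstream project named in the URL field (github.com/wntrblm/flask-talisman), so the provenance of the packaged code rests on a third-party mirror. Point Source0 at the upstream release location and treat the mirror as a fetch-time override only. Separately, the first line sets `%global _empty_manifest_terminate_build 0` while %install builds filelist.lst and doclist.lst with find, so by the macro's name a build that installs no files would not be stopped; consider dropping the override and adding a %check section that at least imports the installed package.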
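Review bot: the digest added in the sources hunk is 32 hex digits long, which is MD5-sized, and it is the only integrity pin for a tarball that Source0 fetches from a mirror. MD5 is not collision resistant, so record a SHA-256 or SHA-512 digest for flask-talisman-1.0.0.tar.gz instead, and compare it with the hash the upstream release publishes before committing it.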
