Diffstat (limited to 'python-flask-talisman.spec')
-rw-r--r-- python-flask-talisman.spec | 186
1 files changed, 186 insertions, 0 deletions
diff --git a/python-flask-talisman.spec b/python-flask-talisman.spec
new file mode 100644
index 0000000..9f0bbea
--- /dev/null
+++ b/python-flask-talisman.spec
@@ -0,0 +1,186 @@
+%global _empty_manifest_terminate_build 0
+Name: python-flask-talisman
+Version: 1.0.0
+Release: 1
+Summary: HTTP security headers for Flask.
+License: Apache Software License
+URL: https://github.com/wntrblm/flask-talisman
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/91/3b/9f2636055f0f238e29a551fdf0bd590dc86f9f1a76f5d8b9f0d20185e381/flask-talisman-1.0.0.tar.gz
+BuildArch: noarch
+
+
+%description
+|PyPI Version|
+Talisman is a small Flask extension that handles setting HTTP headers
+that can help protect against a few common web application security
+issues.
+The default configuration:
+- Forces all connects to ``https``, unless running with debug enabled.
+- Enables `HTTP Strict Transport
+ Security <https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security>`_.
+- Sets Flask's session cookie to ``secure``, so it will never be set if
+ your application is somehow accessed via a non-secure connection.
+- Sets Flask's session cookie to ``httponly``, preventing JavaScript
+ from being able to access its content. CSRF via Ajax uses a separate
+ cookie and should be unaffected.
+- Sets Flask's session cookie to ``Lax``, preventing the cookie to be leaked
+ in CSRF-prone request methods.
+- Sets
+ `X-Frame-Options <https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options>`_
+ to ``SAMEORIGIN`` to avoid
+ `clickjacking <https://en.wikipedia.org/wiki/Clickjacking>`_.
+- Sets `X-XSS-Protection
+ <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection>`_
+ to enable a cross site scripting filter for IE and Safari (note Chrome has
+ removed this and Firefox never supported it).
+- Sets `X-Content-Type-Options
+ <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options>`_
+ to prevent content type sniffing.
+- Sets a strict `Content Security
+ Policy <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy>`__
+ of ``default-src: 'self', 'object-src': 'none'``. This is intended to almost completely
+ prevent Cross Site Scripting (XSS) attacks. This is probably the only
+ setting that you should reasonably change. See the
+ `Content Security Policy`_ section.
+- Sets a strict `Referrer-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy>`_
+ of ``strict-origin-when-cross-origin`` that governs which referrer information should be included with
+ requests made.
+In addition to Talisman, you **should always use a cross-site request
+forgery (CSRF) library**. It's highly recommended to use
+`Flask-SeaSurf <https://flask-seasurf.readthedocs.org/en/latest/>`_,
+which is based on Django's excellent library.
+
+%package -n python3-flask-talisman
+Summary: HTTP security headers for Flask.
+Provides: python-flask-talisman
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-flask-talisman
+|PyPI Version|
+Talisman is a small Flask extension that handles setting HTTP headers
+that can help protect against a few common web application security
+issues.
+The default configuration:
+- Forces all connects to ``https``, unless running with debug enabled.
+- Enables `HTTP Strict Transport
+ Security <https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security>`_.
+- Sets Flask's session cookie to ``secure``, so it will never be set if
+ your application is somehow accessed via a non-secure connection.
+- Sets Flask's session cookie to ``httponly``, preventing JavaScript
+ from being able to access its content. CSRF via Ajax uses a separate
+ cookie and should be unaffected.
+- Sets Flask's session cookie to ``Lax``, preventing the cookie to be leaked
+ in CSRF-prone request methods.
+- Sets
+ `X-Frame-Options <https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options>`_
+ to ``SAMEORIGIN`` to avoid
+ `clickjacking <https://en.wikipedia.org/wiki/Clickjacking>`_.
+- Sets `X-XSS-Protection
+ <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection>`_
+ to enable a cross site scripting filter for IE and Safari (note Chrome has
+ removed this and Firefox never supported it).
+- Sets `X-Content-Type-Options
+ <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options>`_
+ to prevent content type sniffing.
+- Sets a strict `Content Security
+ Policy <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy>`__
+ of ``default-src: 'self', 'object-src': 'none'``. This is intended to almost completely
+ prevent Cross Site Scripting (XSS) attacks. This is probably the only
+ setting that you should reasonably change. See the
+ `Content Security Policy`_ section.
+- Sets a strict `Referrer-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy>`_
+ of ``strict-origin-when-cross-origin`` that governs which referrer information should be included with
+ requests made.
+In addition to Talisman, you **should always use a cross-site request
+forgery (CSRF) library**. It's highly recommended to use
+`Flask-SeaSurf <https://flask-seasurf.readthedocs.org/en/latest/>`_,
+which is based on Django's excellent library.
+
+%package help
+Summary: Development documents and examples for flask-talisman
+Provides: python3-flask-talisman-doc
+%description help
+|PyPI Version|
+Talisman is a small Flask extension that handles setting HTTP headers
+that can help protect against a few common web application security
+issues.
+The default configuration:
+- Forces all connects to ``https``, unless running with debug enabled.
+- Enables `HTTP Strict Transport
+ Security <https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security>`_.
+- Sets Flask's session cookie to ``secure``, so it will never be set if
+ your application is somehow accessed via a non-secure connection.
+- Sets Flask's session cookie to ``httponly``, preventing JavaScript
+ from being able to access its content. CSRF via Ajax uses a separate
+ cookie and should be unaffected.
+- Sets Flask's session cookie to ``Lax``, preventing the cookie to be leaked
+ in CSRF-prone request methods.
+- Sets
+ `X-Frame-Options <https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options>`_
+ to ``SAMEORIGIN`` to avoid
+ `clickjacking <https://en.wikipedia.org/wiki/Clickjacking>`_.
+- Sets `X-XSS-Protection
+ <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection>`_
+ to enable a cross site scripting filter for IE and Safari (note Chrome has
+ removed this and Firefox never supported it).
+- Sets `X-Content-Type-Options
+ <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options>`_
+ to prevent content type sniffing.
+- Sets a strict `Content Security
+ Policy <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy>`__
+ of ``default-src: 'self', 'object-src': 'none'``. This is intended to almost completely
+ prevent Cross Site Scripting (XSS) attacks. This is probably the only
+ setting that you should reasonably change. See the
+ `Content Security Policy`_ section.
+- Sets a strict `Referrer-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy>`_
+ of ``strict-origin-when-cross-origin`` that governs which referrer information should be included with
+ requests made.
+In addition to Talisman, you **should always use a cross-site request
+forgery (CSRF) library**. It's highly recommended to use
+`Flask-SeaSurf <https://flask-seasurf.readthedocs.org/en/latest/>`_,
+which is based on Django's excellent library.
+
+%prep
+%autosetup -n flask-talisman-1.0.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-flask-talisman -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Mon Apr 10 2023 Python_Bot <Python_Bot@openeuler.org> - 1.0.0-1
+- Package Spec generated
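Review bot: Source0 pulls the tarball from a third-party mirror (mirrors.nju.edu.cn) and nothing in the spec pins or verifies its digest, so the build trusts whatever that host serves. Point Source0 at the upstream release for the project named in URL, or at PyPI directly, and keep a checksum of the tarball next to the spec so a changed archive fails the build. The first line, `%global _empty_manifest_terminate_build 0`, stops the build from failing on an empty file manifest, which would hide a `%py3_install` that installed nothing; drop it unless a specific failure requires it, and consider adding a `%check` section, since the spec currently never imports or tests the module. `License: Apache Software License` names no license version; replace it with the SPDX identifier after confirming it against the upstream LICENSE file. The three `%description` blocks are the same raw reStructuredText pasted verbatim, including the `|PyPI Version|` substitution and a reference to a `Content Security Policy`_ section that does not exist in the spec; trim them to a short plain-text summary. In `%files`, `%dir %{python3_sitelib}/*` marks every entry under site-packages as a directory, which is worth checking against what filelist.lst already lists.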