From d418be8c269da1007840fc8aba97d2b281524a85 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Thu, 18 May 2023 04:39:28 +0000 Subject: automatic import of python-talisman --- .gitignore | 1 + python-talisman.spec | 162 +++++++++++++++++++++++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 164 insertions(+) create mode 100644 python-talisman.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..50f09e2 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/talisman-0.1.0.tar.gz diff --git a/python-talisman.spec b/python-talisman.spec new file mode 100644 index 0000000..a3dd12c --- /dev/null +++ b/python-talisman.spec @@ -0,0 +1,162 @@ +%global _empty_manifest_terminate_build 0 +Name: python-talisman +Version: 0.1.0 +Release: 1 +Summary: HTTP security headers for Flask. +License: Apache Software License +URL: https://github.com/GoogleCloudPlatform/flask-talisman +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/28/36/9e956917b35eca994d24f5e1d53444369df8144d4e35bc69aceaa2aeb668/talisman-0.1.0.tar.gz +BuildArch: noarch + + +%description +|Build Status| |Coverage Status| |PyPI Version| +Talisman is a small Flask extension that handles setting HTTP headers +that can help protect against a few common web application security +issues. +The default configuration: +- Forces all connects to ``https``, unless running with debug enabled. +- Enables `HTTP Strict Transport + Security `__. +- Enables HSTS preloading. If you register your application with + `Google's HSTS preload list `__, + Firefox and Chrome will never load your site over a non-secure + connection. +- Sets Flask's session cookie to ``secure``, so it will never be set if + you application is somehow accessed via a non-secure connection. +- Sets Flask's session cookie to ``httponly``, preventing JavaScript + from being able to access its content. CSRF via Ajax uses a separate + cookie and should be unaffected. +- Sets + `X-Frame-Options `__ + to ``SAMEORIGIN`` to avoid + `clickjacking `__. +- Sets a strict `Content Security + Policy `__ + of ``default-src: 'self'``. This is intended to almost completely + prevent Cross Site Scripting (XSS) attacks. This is probably the only + setting that you should reasonably change. See the `section + below <#content-security-policy>`__ on configuring this. +In addition to Talisman, you **should always use a cross-site request +forgery (CSRF) library**. I highly recommend +`Flask-SeaSurf `__, +which is based on Django's excellent library. + +%package -n python3-talisman +Summary: HTTP security headers for Flask. +Provides: python-talisman +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-talisman +|Build Status| |Coverage Status| |PyPI Version| +Talisman is a small Flask extension that handles setting HTTP headers +that can help protect against a few common web application security +issues. +The default configuration: +- Forces all connects to ``https``, unless running with debug enabled. +- Enables `HTTP Strict Transport + Security `__. +- Enables HSTS preloading. If you register your application with + `Google's HSTS preload list `__, + Firefox and Chrome will never load your site over a non-secure + connection. +- Sets Flask's session cookie to ``secure``, so it will never be set if + you application is somehow accessed via a non-secure connection. +- Sets Flask's session cookie to ``httponly``, preventing JavaScript + from being able to access its content. CSRF via Ajax uses a separate + cookie and should be unaffected. +- Sets + `X-Frame-Options `__ + to ``SAMEORIGIN`` to avoid + `clickjacking `__. +- Sets a strict `Content Security + Policy `__ + of ``default-src: 'self'``. This is intended to almost completely + prevent Cross Site Scripting (XSS) attacks. This is probably the only + setting that you should reasonably change. See the `section + below <#content-security-policy>`__ on configuring this. +In addition to Talisman, you **should always use a cross-site request +forgery (CSRF) library**. I highly recommend +`Flask-SeaSurf `__, +which is based on Django's excellent library. + +%package help +Summary: Development documents and examples for talisman +Provides: python3-talisman-doc +%description help +|Build Status| |Coverage Status| |PyPI Version| +Talisman is a small Flask extension that handles setting HTTP headers +that can help protect against a few common web application security +issues. +The default configuration: +- Forces all connects to ``https``, unless running with debug enabled. +- Enables `HTTP Strict Transport + Security `__. +- Enables HSTS preloading. If you register your application with + `Google's HSTS preload list `__, + Firefox and Chrome will never load your site over a non-secure + connection. +- Sets Flask's session cookie to ``secure``, so it will never be set if + you application is somehow accessed via a non-secure connection. +- Sets Flask's session cookie to ``httponly``, preventing JavaScript + from being able to access its content. CSRF via Ajax uses a separate + cookie and should be unaffected. +- Sets + `X-Frame-Options `__ + to ``SAMEORIGIN`` to avoid + `clickjacking `__. +- Sets a strict `Content Security + Policy `__ + of ``default-src: 'self'``. This is intended to almost completely + prevent Cross Site Scripting (XSS) attacks. This is probably the only + setting that you should reasonably change. See the `section + below <#content-security-policy>`__ on configuring this. +In addition to Talisman, you **should always use a cross-site request +forgery (CSRF) library**. I highly recommend +`Flask-SeaSurf `__, +which is based on Django's excellent library. + +%prep +%autosetup -n talisman-0.1.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-talisman -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Thu May 18 2023 Python_Bot - 0.1.0-1 +- Package Spec generated diff --git a/sources b/sources new file mode 100644 index 0000000..948cc83 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +a6c0a401ee46d8fb603a9b7c3f571313 talisman-0.1.0.tar.gz -- cgit v1.2.3