%global _empty_manifest_terminate_build 0
Name:           python-flask-talisman
Version:        1.0.0
Release:        1
Summary:        HTTP security headers for Flask.
License:        Apache Software License
URL:            https://github.com/wntrblm/flask-talisman
Source0:        https://mirrors.nju.edu.cn/pypi/web/packages/91/3b/9f2636055f0f238e29a551fdf0bd590dc86f9f1a76f5d8b9f0d20185e381/flask-talisman-1.0.0.tar.gz
BuildArch:      noarch

%description
|PyPI Version|

Talisman is a small Flask extension that handles setting HTTP headers that
can help protect against a few common web application security issues.

The default configuration:

- Forces all connections to ``https``, unless running with debug enabled.
- Enables HTTP Strict Transport Security.
- Sets Flask's session cookie to ``secure``, so it will never be set if your
  application is somehow accessed via a non-secure connection.
- Sets Flask's session cookie to ``httponly``, preventing JavaScript from
  being able to access its content. CSRF via Ajax uses a separate cookie and
  should be unaffected.
- Sets Flask's session cookie to ``Lax``, preventing the cookie from being
  leaked in CSRF-prone request methods.
- Sets X-Frame-Options to ``SAMEORIGIN`` to avoid clickjacking.
- Sets X-XSS-Protection to enable a cross-site scripting filter for IE and
  Safari (note Chrome has removed this and Firefox never supported it).
- Sets X-Content-Type-Options to prevent content type sniffing.
- Sets a strict Content Security Policy of
  ``default-src: 'self', 'object-src': 'none'``. This is intended to almost
  completely prevent Cross Site Scripting (XSS) attacks. This is probably the
  only setting that you should reasonably change. See the
  `Content Security Policy`_ section.
- Sets a strict Referrer-Policy of ``strict-origin-when-cross-origin`` that
  governs which referrer information should be included with requests made.

In addition to Talisman, you **should always use a cross-site request forgery
(CSRF) library**. It's highly recommended to use Flask-SeaSurf, which is based
on Django's excellent library.

%package -n python3-flask-talisman
Summary:        HTTP security headers for Flask.
Provides:       python-flask-talisman
BuildRequires:  python3-devel
BuildRequires:  python3-setuptools
BuildRequires:  python3-pip

%description -n python3-flask-talisman
|PyPI Version|

Talisman is a small Flask extension that handles setting HTTP headers that
can help protect against a few common web application security issues.

The default configuration:

- Forces all connections to ``https``, unless running with debug enabled.
- Enables HTTP Strict Transport Security.
- Sets Flask's session cookie to ``secure``, so it will never be set if your
  application is somehow accessed via a non-secure connection.
- Sets Flask's session cookie to ``httponly``, preventing JavaScript from
  being able to access its content. CSRF via Ajax uses a separate cookie and
  should be unaffected.
- Sets Flask's session cookie to ``Lax``, preventing the cookie from being
  leaked in CSRF-prone request methods.
- Sets X-Frame-Options to ``SAMEORIGIN`` to avoid clickjacking.
- Sets X-XSS-Protection to enable a cross-site scripting filter for IE and
  Safari (note Chrome has removed this and Firefox never supported it).
- Sets X-Content-Type-Options to prevent content type sniffing.
- Sets a strict Content Security Policy of
  ``default-src: 'self', 'object-src': 'none'``. This is intended to almost
  completely prevent Cross Site Scripting (XSS) attacks. This is probably the
  only setting that you should reasonably change. See the
  `Content Security Policy`_ section.
- Sets a strict Referrer-Policy of ``strict-origin-when-cross-origin`` that
  governs which referrer information should be included with requests made.

In addition to Talisman, you **should always use a cross-site request forgery
(CSRF) library**. It's highly recommended to use Flask-SeaSurf, which is based
on Django's excellent library.

%package help
Summary:        Development documents and examples for flask-talisman
Provides:       python3-flask-talisman-doc

%description help
|PyPI Version|

Talisman is a small Flask extension that handles setting HTTP headers that
can help protect against a few common web application security issues.

The default configuration:

- Forces all connections to ``https``, unless running with debug enabled.
- Enables HTTP Strict Transport Security.
- Sets Flask's session cookie to ``secure``, so it will never be set if your
  application is somehow accessed via a non-secure connection.
- Sets Flask's session cookie to ``httponly``, preventing JavaScript from
  being able to access its content. CSRF via Ajax uses a separate cookie and
  should be unaffected.
- Sets Flask's session cookie to ``Lax``, preventing the cookie from being
  leaked in CSRF-prone request methods.
- Sets X-Frame-Options to ``SAMEORIGIN`` to avoid clickjacking.
- Sets X-XSS-Protection to enable a cross-site scripting filter for IE and
  Safari (note Chrome has removed this and Firefox never supported it).
- Sets X-Content-Type-Options to prevent content type sniffing.
- Sets a strict Content Security Policy of
  ``default-src: 'self', 'object-src': 'none'``. This is intended to almost
  completely prevent Cross Site Scripting (XSS) attacks. This is probably the
  only setting that you should reasonably change. See the
  `Content Security Policy`_ section.
- Sets a strict Referrer-Policy of ``strict-origin-when-cross-origin`` that
  governs which referrer information should be included with requests made.

In addition to Talisman, you **should always use a cross-site request forgery
(CSRF) library**. It's highly recommended to use Flask-SeaSurf, which is based
on Django's excellent library.

%prep
%autosetup -n flask-talisman-1.0.0

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
    find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
    find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
    find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
    find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
    find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-flask-talisman -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Fri Apr 21 2023 Python_Bot - 1.0.0-1
- Package Spec generated