%global _empty_manifest_terminate_build 0
Name:		python-talisman
Version:	0.1.0
Release:	1
Summary:	HTTP security headers for Flask.
License:	Apache Software License
URL:		https://github.com/GoogleCloudPlatform/flask-talisman
Source0:	https://mirrors.aliyun.com/pypi/web/packages/28/36/9e956917b35eca994d24f5e1d53444369df8144d4e35bc69aceaa2aeb668/talisman-0.1.0.tar.gz
BuildArch:	noarch

%description
Talisman is a small Flask extension that handles setting HTTP headers that
can help protect against a few common web application security issues.

The default configuration:

- Forces all connections to ``https``, unless running with debug enabled.
- Enables HTTP Strict Transport Security.
- Enables HSTS preloading. If you register your application with Google's
  HSTS preload list, Firefox and Chrome will never load your site over a
  non-secure connection.
- Sets Flask's session cookie to ``secure``, so it will never be set if your
  application is somehow accessed via a non-secure connection.
- Sets Flask's session cookie to ``httponly``, preventing JavaScript from
  being able to access its content. CSRF via Ajax uses a separate cookie and
  should be unaffected.
- Sets X-Frame-Options to ``SAMEORIGIN`` to avoid clickjacking.
- Sets a strict Content Security Policy of ``default-src: 'self'``. This is
  intended to almost completely prevent Cross Site Scripting (XSS) attacks.
  This is probably the only setting that you should reasonably change. See
  the `section below <#content-security-policy>`__ on configuring this.

In addition to Talisman, you **should always use a cross-site request
forgery (CSRF) library**. I highly recommend Flask-SeaSurf, which is based
on Django's excellent library.

%package -n python3-talisman
Summary:	HTTP security headers for Flask.
Provides:	python-talisman
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip

%description -n python3-talisman
Talisman is a small Flask extension that handles setting HTTP headers that
can help protect against a few common web application security issues.

The default configuration:

- Forces all connections to ``https``, unless running with debug enabled.
- Enables HTTP Strict Transport Security.
- Enables HSTS preloading. If you register your application with Google's
  HSTS preload list, Firefox and Chrome will never load your site over a
  non-secure connection.
- Sets Flask's session cookie to ``secure``, so it will never be set if your
  application is somehow accessed via a non-secure connection.
- Sets Flask's session cookie to ``httponly``, preventing JavaScript from
  being able to access its content. CSRF via Ajax uses a separate cookie and
  should be unaffected.
- Sets X-Frame-Options to ``SAMEORIGIN`` to avoid clickjacking.
- Sets a strict Content Security Policy of ``default-src: 'self'``. This is
  intended to almost completely prevent Cross Site Scripting (XSS) attacks.
  This is probably the only setting that you should reasonably change. See
  the `section below <#content-security-policy>`__ on configuring this.

In addition to Talisman, you **should always use a cross-site request
forgery (CSRF) library**. I highly recommend Flask-SeaSurf, which is based
on Django's excellent library.

%package help
Summary:	Development documents and examples for talisman
Provides:	python3-talisman-doc

%description help
Talisman is a small Flask extension that handles setting HTTP headers that
can help protect against a few common web application security issues.

The default configuration:

- Forces all connections to ``https``, unless running with debug enabled.
- Enables HTTP Strict Transport Security.
- Enables HSTS preloading. If you register your application with Google's
  HSTS preload list, Firefox and Chrome will never load your site over a
  non-secure connection.
- Sets Flask's session cookie to ``secure``, so it will never be set if your
  application is somehow accessed via a non-secure connection.
- Sets Flask's session cookie to ``httponly``, preventing JavaScript from
  being able to access its content. CSRF via Ajax uses a separate cookie and
  should be unaffected.
- Sets X-Frame-Options to ``SAMEORIGIN`` to avoid clickjacking.
- Sets a strict Content Security Policy of ``default-src: 'self'``. This is
  intended to almost completely prevent Cross Site Scripting (XSS) attacks.
  This is probably the only setting that you should reasonably change. See
  the `section below <#content-security-policy>`__ on configuring this.

In addition to Talisman, you **should always use a cross-site request
forgery (CSRF) library**. I highly recommend Flask-SeaSurf, which is based
on Django's excellent library.

%prep
%autosetup -n talisman-0.1.0

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-talisman -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Thu Jun 08 2023 Python_Bot - 0.1.0-1
- Package Spec generated