%global _empty_manifest_terminate_build 0
Name: python-secure
Version: 0.3.0
Release: 1
Summary: A lightweight package that adds security headers for Python web frameworks.
License: MIT
URL: https://github.com/TypeError/secure
Source0: https://mirrors.nju.edu.cn/pypi/web/packages/16/09/a88439cfd51d76b5da2aff258af3af576f8902f1ca10c11a7b83b1534703/secure-0.3.0.tar.gz
BuildArch: noarch

%description
# secure.py

[![image](https://img.shields.io/pypi/v/secure.svg)](https://pypi.org/project/secure/)
[![Python 3](https://img.shields.io/badge/python-3-blue.svg)](https://www.python.org/downloads/)
[![image](https://img.shields.io/pypi/l/secure.svg)](https://pypi.org/project/secure/)
[![image](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![Build Status](https://travis-ci.org/TypeError/secure.svg?branch=master)](https://travis-ci.org/TypeError/secure)

secure.py 🔒 is a lightweight package that adds optional security headers for Python web frameworks.

## Supported Python web frameworks

[aiohttp](https://docs.aiohttp.org), [Bottle](https://bottlepy.org), [CherryPy](https://cherrypy.org), [Django](https://www.djangoproject.com), [Falcon](https://falconframework.org), [FastAPI](https://fastapi.tiangolo.com), [Flask](http://flask.pocoo.org), [hug](http://www.hug.rest), [Masonite](https://docs.masoniteproject.com), [Pyramid](https://trypyramid.com), [Quart](https://pgjones.gitlab.io/quart/), [Responder](https://python-responder.org), [Sanic](https://sanicframework.org), [Starlette](https://www.starlette.io/), [Tornado](https://www.tornadoweb.org/)

## Install

**pip**:

```console
pip install secure
```

**Pipenv**:

```console
pipenv install secure
```

After installing secure:

```Python
import secure

secure_headers = secure.Secure()
```

## Secure Headers

### Example

`secure_headers.framework(response)`

**Default HTTP response headers:**

```HTTP
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store
```

## Policy Builders

### Policy Builder Example

**Content Security Policy builder:**

```python
csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)
secure_headers = secure.Secure(csp=csp)
```

**HTTP response headers:**

```HTTP
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com
```

## Documentation

Please see the full set of documentation at [https://secure.readthedocs.io](https://secure.readthedocs.io)

## FastAPI Example

```python
import uvicorn
from fastapi import FastAPI
import secure

app = FastAPI()

# Replace the default Server header value.
server = secure.Server().set("Secure")

csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)

hsts = secure.StrictTransportSecurity().include_subdomains().preload().max_age(2592000)

referrer = secure.ReferrerPolicy().no_referrer()

permissions_value = (
    secure.PermissionsPolicy().geolocation("self", "'spam.com'").vibrate()
)

cache_value = secure.CacheControl().must_revalidate()

secure_headers = secure.Secure(
    server=server,
    csp=csp,
    hsts=hsts,
    referrer=referrer,
    permissions=permissions_value,
    cache=cache_value,
)


# Apply the configured security headers to every outgoing response.
@app.middleware("http")
async def set_secure_headers(request, call_next):
    response = await call_next(request)
    secure_headers.framework.fastapi(response)
    return response


@app.get("/")
async def root():
    return {"message": "Secure"}


if __name__ == "__main__":
    uvicorn.run(app, port=8081, host="localhost")
```

**HTTP response headers:**

```HTTP
server: Secure
strict-transport-security: includeSubDomains; preload; max-age=2592000
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com
referrer-policy: no-referrer
cache-control: must-revalidate
permissions-policy: geolocation=(self 'spam.com'), vibrate=()
```

## Resources

- [kennethreitz/setup.py: 📦 A Human’s Ultimate Guide to setup.py.](https://github.com/kennethreitz/setup.py)
- [OWASP - Secure Headers Project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)
- [Mozilla Web Security](https://infosec.mozilla.org/guidelines/web_security)
- [securityheaders.com](https://securityheaders.com)
- [MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#security)
- [web.dev](https://web.dev)
- [The World Wide Web Consortium (W3C)](https://www.w3.org)

%package -n python3-secure
Summary: A lightweight package that adds security headers for Python web frameworks.
Provides: python-secure
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-pip

%description -n python3-secure
# secure.py

[![image](https://img.shields.io/pypi/v/secure.svg)](https://pypi.org/project/secure/)
[![Python 3](https://img.shields.io/badge/python-3-blue.svg)](https://www.python.org/downloads/)
[![image](https://img.shields.io/pypi/l/secure.svg)](https://pypi.org/project/secure/)
[![image](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![Build Status](https://travis-ci.org/TypeError/secure.svg?branch=master)](https://travis-ci.org/TypeError/secure)

secure.py 🔒 is a lightweight package that adds optional security headers for Python web frameworks.
## Supported Python web frameworks

[aiohttp](https://docs.aiohttp.org), [Bottle](https://bottlepy.org), [CherryPy](https://cherrypy.org), [Django](https://www.djangoproject.com), [Falcon](https://falconframework.org), [FastAPI](https://fastapi.tiangolo.com), [Flask](http://flask.pocoo.org), [hug](http://www.hug.rest), [Masonite](https://docs.masoniteproject.com), [Pyramid](https://trypyramid.com), [Quart](https://pgjones.gitlab.io/quart/), [Responder](https://python-responder.org), [Sanic](https://sanicframework.org), [Starlette](https://www.starlette.io/), [Tornado](https://www.tornadoweb.org/)

## Install

**pip**:

```console
pip install secure
```

**Pipenv**:

```console
pipenv install secure
```

After installing secure:

```Python
import secure

secure_headers = secure.Secure()
```

## Secure Headers

### Example

`secure_headers.framework(response)`

**Default HTTP response headers:**

```HTTP
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store
```

## Policy Builders

### Policy Builder Example

**Content Security Policy builder:**

```python
csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)
secure_headers = secure.Secure(csp=csp)
```

**HTTP response headers:**

```HTTP
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com
```

## Documentation

Please see the full set of documentation at [https://secure.readthedocs.io](https://secure.readthedocs.io)

## FastAPI Example

```python
import uvicorn
from fastapi import FastAPI
import secure

app = FastAPI()

# Replace the default Server header value.
server = secure.Server().set("Secure")

csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)

hsts = secure.StrictTransportSecurity().include_subdomains().preload().max_age(2592000)

referrer = secure.ReferrerPolicy().no_referrer()

permissions_value = (
    secure.PermissionsPolicy().geolocation("self", "'spam.com'").vibrate()
)

cache_value = secure.CacheControl().must_revalidate()

secure_headers = secure.Secure(
    server=server,
    csp=csp,
    hsts=hsts,
    referrer=referrer,
    permissions=permissions_value,
    cache=cache_value,
)


# Apply the configured security headers to every outgoing response.
@app.middleware("http")
async def set_secure_headers(request, call_next):
    response = await call_next(request)
    secure_headers.framework.fastapi(response)
    return response


@app.get("/")
async def root():
    return {"message": "Secure"}


if __name__ == "__main__":
    uvicorn.run(app, port=8081, host="localhost")
```

**HTTP response headers:**

```HTTP
server: Secure
strict-transport-security: includeSubDomains; preload; max-age=2592000
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com
referrer-policy: no-referrer
cache-control: must-revalidate
permissions-policy: geolocation=(self 'spam.com'), vibrate=()
```

## Resources

- [kennethreitz/setup.py: 📦 A Human’s Ultimate Guide to setup.py.](https://github.com/kennethreitz/setup.py)
- [OWASP - Secure Headers Project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)
- [Mozilla Web Security](https://infosec.mozilla.org/guidelines/web_security)
- [securityheaders.com](https://securityheaders.com)
- [MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#security)
- [web.dev](https://web.dev)
- [The World Wide Web Consortium (W3C)](https://www.w3.org)

%package help
Summary: Development documents and examples for secure
Provides: python3-secure-doc

%description help
# secure.py

[![image](https://img.shields.io/pypi/v/secure.svg)](https://pypi.org/project/secure/)
[![Python 3](https://img.shields.io/badge/python-3-blue.svg)](https://www.python.org/downloads/)
[![image](https://img.shields.io/pypi/l/secure.svg)](https://pypi.org/project/secure/)
[![image](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![Build Status](https://travis-ci.org/TypeError/secure.svg?branch=master)](https://travis-ci.org/TypeError/secure)

secure.py 🔒 is a lightweight package that adds optional security headers for Python web frameworks.

## Supported Python web frameworks

[aiohttp](https://docs.aiohttp.org), [Bottle](https://bottlepy.org), [CherryPy](https://cherrypy.org), [Django](https://www.djangoproject.com), [Falcon](https://falconframework.org), [FastAPI](https://fastapi.tiangolo.com), [Flask](http://flask.pocoo.org), [hug](http://www.hug.rest), [Masonite](https://docs.masoniteproject.com), [Pyramid](https://trypyramid.com), [Quart](https://pgjones.gitlab.io/quart/), [Responder](https://python-responder.org), [Sanic](https://sanicframework.org), [Starlette](https://www.starlette.io/), [Tornado](https://www.tornadoweb.org/)

## Install

**pip**:

```console
pip install secure
```

**Pipenv**:

```console
pipenv install secure
```

After installing secure:

```Python
import secure

secure_headers = secure.Secure()
```

## Secure Headers

### Example

`secure_headers.framework(response)`

**Default HTTP response headers:**

```HTTP
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store
```

## Policy Builders

### Policy Builder Example

**Content Security Policy builder:**

```python
csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)
secure_headers = secure.Secure(csp=csp)
```

**HTTP response headers:**

```HTTP
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
cache-control: no-store
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com
```

## Documentation

Please see the full set of documentation at [https://secure.readthedocs.io](https://secure.readthedocs.io)

## FastAPI Example

```python
import uvicorn
from fastapi import FastAPI
import secure

app = FastAPI()

# Replace the default Server header value.
server = secure.Server().set("Secure")

csp = (
    secure.ContentSecurityPolicy()
    .default_src("'none'")
    .base_uri("'self'")
    .connect_src("'self'", "api.spam.com")
    .frame_src("'none'")
    .img_src("'self'", "static.spam.com")
)

hsts = secure.StrictTransportSecurity().include_subdomains().preload().max_age(2592000)

referrer = secure.ReferrerPolicy().no_referrer()

permissions_value = (
    secure.PermissionsPolicy().geolocation("self", "'spam.com'").vibrate()
)

cache_value = secure.CacheControl().must_revalidate()

secure_headers = secure.Secure(
    server=server,
    csp=csp,
    hsts=hsts,
    referrer=referrer,
    permissions=permissions_value,
    cache=cache_value,
)


# Apply the configured security headers to every outgoing response.
@app.middleware("http")
async def set_secure_headers(request, call_next):
    response = await call_next(request)
    secure_headers.framework.fastapi(response)
    return response


@app.get("/")
async def root():
    return {"message": "Secure"}


if __name__ == "__main__":
    uvicorn.run(app, port=8081, host="localhost")
```

**HTTP response headers:**

```HTTP
server: Secure
strict-transport-security: includeSubDomains; preload; max-age=2592000
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self' api.spam.com; frame-src 'none'; img-src 'self' static.spam.com
referrer-policy: no-referrer
cache-control: must-revalidate
permissions-policy: geolocation=(self 'spam.com'), vibrate=()
```

## Resources

- [kennethreitz/setup.py: 📦 A Human’s Ultimate Guide to setup.py.](https://github.com/kennethreitz/setup.py)
- [OWASP - Secure Headers Project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)
- [Mozilla Web Security](https://infosec.mozilla.org/guidelines/web_security)
- [securityheaders.com](https://securityheaders.com)
- [MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#security)
- [web.dev](https://web.dev)
- [The World Wide Web Consortium (W3C)](https://www.w3.org)

%prep
%autosetup -n secure-0.3.0

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
    find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
    find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
    find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
    find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
    find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-secure -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Tue Apr 11 2023 Python_Bot - 0.3.0-1
- Package Spec generated