flask-talisman 1.1.0-2 source package in Ubuntu

Changelog

flask-talisman (1.1.0-2) unstable; urgency=medium

  * New upstream release.
  * Update copyright year.
  * Update Standards-Version.

 -- Edward Betts <edward@4angle.com>  Thu, 03 Aug 2023 15:05:26 +0100

Upload details

Uploaded by: Debian Python Team
Uploaded to: Sid
Original maintainer: Debian Python Team
Architectures: all
Section: misc
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Oracular release universe misc
Noble release universe misc
Mantic release universe misc

Builds

Mantic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
flask-talisman_1.1.0-2.dsc 2.1 KiB 21a39be279425905115ba38ed87257132790f5c5b216bb04598da7f507cea180
flask-talisman_1.1.0.orig.tar.gz 19.0 KiB 02829a008f7127166d66f3731a57e5cd0bcbb6182e7b8fea30a6cb115d3726a4
flask-talisman_1.1.0-2.debian.tar.xz 2.6 KiB 1bb3705494be20616797ef17d5ac8962664a6b3354b90d6e55610e9f21e0e1c1

Available diffs

No changes file available.

Binary packages built by this source

python3-flask-talisman: HTTP security headers for Flask

 Talisman is a small Flask extension that handles setting HTTP headers that can
 help protect against a few common web application security issues.

 The default configuration:

  * Forces all connections to HTTPS, unless running with debug enabled.
  * Enables HTTP Strict Transport Security.
  * Sets Flask's session cookie to secure, so it will never be set if your
    application is somehow accessed via a non-secure connection.
  * Sets Flask's session cookie to httponly, preventing JavaScript from being
    able to access its content. CSRF via Ajax uses a separate cookie and should
    be unaffected.
  * Sets X-Frame-Options to SAMEORIGIN to avoid clickjacking.
  * Sets X-XSS-Protection to enable a cross-site scripting filter for IE and
    Safari (note Chrome has removed this and Firefox never supported it).
  * Sets X-Content-Type-Options to prevent content type sniffing.
  * Sets a strict Content Security Policy of default-src 'self'. This is
    intended to almost completely prevent Cross-Site Scripting (XSS) attacks.
    This is probably the only setting that you should reasonably change. See
    the Content Security Policy section.
  * Sets a strict Referrer-Policy of strict-origin-when-cross-origin that
    governs which referrer information should be included with requests made.