deb_control_files:
- control
- md5sums
- postinst
- prerm
deb_fields:
  Architecture: all
  Depends: python3:any
  Description: |-
    HTTP security headers for Flask
    Talisman is a small Flask extension that handles setting HTTP headers that can
    help protect against a few common web application security issues.
    .
    The default configuration:
    .
    * Forces all connects to https, unless running with debug enabled.
    * Enables HTTP Strict Transport Security.
    * Sets Flask's session cookie to secure, so it will never be set if your
      application is somehow accessed via a non-secure connection.
    * Sets Flask's session cookie to httponly, preventing JavaScript from being
      able to access its content. CSRF via Ajax uses a separate cookie and should
      be unaffected.
    * Sets X-Frame-Options to SAMEORIGIN to avoid clickjacking.
    * Sets X-XSS-Protection to enable a cross site scripting filter for IE and
      Safari (note Chrome has removed this and Firefox never supported it).
    * Sets X-Content-Type-Options to prevent content type sniffing.
    * Sets a strict Content Security Policy of default-src: 'self'. This is
      intended to almost completely prevent Cross Site Scripting (XSS) attacks.
      This is probably the only setting that you should reasonably change. See
      the Content Security Policy section.
    * Sets a strict Referrer-Policy of strict-origin-when-cross-origin that
      governs which referrer information should be included with requests made.
  Homepage: https://github.com/wntrblm/flask-talisman
  Installed-Size: '80'
  Maintainer: Debian Python Team <team+python@tracker.debian.org>
  Package: python3-flask-talisman
  Priority: optional
  Section: python
  Source: flask-talisman
  Version: 1.0.0-3
srcpkg_name: flask-talisman
srcpkg_version: 1.0.0-3