Flask-talisman

Latest version: v1.1.0

Safety actively analyzes 613666 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

1.1.0

What's Changed
* fix typo in permissions_policy examples by mmmaaatttttt in https://github.com/wntrblm/flask-talisman/pull/25
* Disable X-XSS protection by default by Jonakemon in https://github.com/wntrblm/flask-talisman/pull/28
* Add Permissions Policy directive browsing-topics by bershanskiy in https://github.com/wntrblm/flask-talisman/pull/24

New Contributors
* mmmaaatttttt made their first contribution in https://github.com/wntrblm/flask-talisman/pull/25

**Full Changelog**: https://github.com/wntrblm/flask-talisman/compare/v1.0.0...v1.1.0

1.0.0

What's Changed
* Increase default nonce size by tunetheweb in https://github.com/wntrblm/flask-talisman/pull/15
* Deprecate Python 2.x support by eelkevdbos in https://github.com/wntrblm/flask-talisman/pull/17
* Add the new default directive to the README by QEDK in https://github.com/wntrblm/flask-talisman/pull/16
* Document disabling Content Security Policy by strugee in https://github.com/wntrblm/flask-talisman/pull/18
* Remove obsolete Permissions Policy directive interest-cohort by bershanskiy in https://github.com/wntrblm/flask-talisman/pull/21

New Contributors
* QEDK made their first contribution in https://github.com/wntrblm/flask-talisman/pull/16
* strugee made their first contribution in https://github.com/wntrblm/flask-talisman/pull/18
* eelkevdbos made their first contribution in https://github.com/wntrblm/flask-talisman/pull/17
* bershanskiy made their first contribution in https://github.com/wntrblm/flask-talisman/pull/21

**Full Changelog**: https://github.com/wntrblm/flask-talisman/compare/v0.8.1...v1.0.0

0.8.1

Fixed
- CSP nonces were applied to all directives, instead of only the specified directives (13), thanks tunetheweb for fixing

0.8.0

**NOTE**: This is the first release after the project was forked from GoogleCloudPlatform/flask-talisman.

Changes
- `object-src` is now a default CSP directive with value `'none'`. QEDK (2)
- `Document Policy` and `Permissions Policy` are now supported. tunetheweb (3)
- The ingest cohort directive for Permissions Policy is by default turned off (3)
- You can now disable the `X-Content-Type-Options` and `X-XSS-Protection` headers. By default they're turned on. ezelbanaan (4)
- You can now specify SameSite attributes for session cookies; by default that's set to `Lax`. tylersalminen 5
- You can now customize nonce configuration per view / route. tunetheweb (6)
- The length of the CSP nonce is now properly limited. tunetheweb
- Removed the legacy `X-Content-Security-Policy` header and its associated option, `legacy_content_security_policy_header`.

For maintainers
- Moved CI / CD to Github Actions from Travis (1)
- Removed Python 3.4 from CI (1)
- Increased line length to 120 (1)

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.