all options
bookworm  ] [  sid  ]
[ Source: flask-talisman  ]

Package: python3-flask-talisman (1.0.0-3)

Links for python3-flask-talisman


Debian Resources:

Download Source Package flask-talisman:


External Resources:

Similar packages:

HTTP security headers for Flask

Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.

The default configuration:

 * Forces all connects to https, unless running with debug enabled.
 * Enables HTTP Strict Transport Security.
 * Sets Flask's session cookie to secure, so it will never be set if your
   application is somehow accessed via a non-secure connection.
 * Sets Flask's session cookie to httponly, preventing JavaScript from being
   able to access its content. CSRF via Ajax uses a separate cookie and should
   be unaffected.
 * Sets X-Frame-Options to SAMEORIGIN to avoid clickjacking.
 * Sets X-XSS-Protection to enable a cross site scripting filter for IE and
   Safari (note Chrome has removed this and Firefox never supported it).
 * Sets X-Content-Type-Options to prevent content type sniffing.
 * Sets a strict Content Security Policy of default-src: 'self'. This is
   intended to almost completely prevent Cross Site Scripting (XSS) attacks.
   This is probably the only setting that you should reasonably change. See
   the Content Security Policy section.
 * Sets a strict Referrer-Policy of strict-origin-when-cross-origin that
   governs which referrer information should be included with requests made.

Other Packages Related to python3-flask-talisman

  • depends
  • recommends
  • suggests
  • enhances

Download python3-flask-talisman

Download for all available architectures
Architecture Package Size Installed Size Files
all 14.8 kB80.0 kB [list of files]