{
    "info": {
        "author": "gregorynicholas",
        "author_email": "gn@gregorynicholas.com",
        "bugtrack_url": null,
        "classifiers": [
            "Development Status :: 5 - Production/Stable",
            "Environment :: Web Environment",
            "Framework :: Flask",
            "Intended Audience :: Developers",
            "License :: OSI Approved :: Apache Software License",
            "Natural Language :: English",
            "Operating System :: OS Independent",
            "Programming Language :: Python",
            "Programming Language :: Python :: 2",
            "Programming Language :: Python :: 2.6",
            "Programming Language :: Python :: 2.7",
            "Programming Language :: Python :: Implementation :: PyPy",
            "Topic :: Internet :: WWW/HTTP",
            "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
            "Topic :: Internet :: WWW/HTTP :: Session",
            "Topic :: Internet :: WWW/HTTP :: WSGI",
            "Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware",
            "Topic :: Security",
            "Topic :: Security :: Cryptography",
            "Topic :: Software Development :: Libraries :: Python Modules"
        ],
        "description": "flask-xsrf\r\n----------\r\n\r\n`flask <http://flask.pocoo.org>`__ extension for defending against\r\n*cross-site request forgery attacks*\r\n`(xsrf/csrf) <https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)>`__,\r\nby protecting flask request endpoints with uniquely generated tokens for\r\neach request.\r\n\r\n+-----------+------------+----------+\r\n| FLASK     | PYTHON     | XSRF     |\r\n+===========+============+==========+\r\n| |flask|   | |python|   | |csrf|   |\r\n+-----------+------------+----------+\r\n\r\n**BUILD BADGES**\r\n\r\n+---------------+--------------------+---------------------------------------------+\r\n| ``branch``    | ``service``        | ``status``                                  |\r\n+===============+====================+=============================================+\r\n| ``master``    | ``ci-build``       | |travis-ci (build-status): master|          |\r\n+---------------+--------------------+---------------------------------------------+\r\n| ``develop``   | ``ci-build``       | |travis-ci (build-status): develop|         |\r\n+---------------+--------------------+---------------------------------------------+\r\n| ``master``    | ``coveralls.io``   | |coveralls.io (coverage-status): master|    |\r\n+---------------+--------------------+---------------------------------------------+\r\n| ``develop``   | ``coveralls.io``   | |coveralls.io (coverage-status): develop|   |\r\n+---------------+--------------------+---------------------------------------------+\r\n| ``master``    | ``landscape.io``   | |landscape (code-health): master|           |\r\n+---------------+--------------------+---------------------------------------------+\r\n| ``develop``   | ``landscape.io``   | |landscape: (code-health): develop|         |\r\n+---------------+--------------------+---------------------------------------------+\r\n\r\n**RELEASE BADGES**\r\n\r\n+---------------+------------------------+-----------------------------+\r\n| ``service``   | ``title``              | ``status``                  |\r\n+===============+========================+=============================+\r\n| ``github``    | ``tags``               | |github tags|               |\r\n+---------------+------------------------+-----------------------------+\r\n| ``github``    | ``releases: all``      | |github releases: all|      |\r\n+---------------+------------------------+-----------------------------+\r\n| ``github``    | ``releases: latest``   | |github releases: latest|   |\r\n+---------------+------------------------+-----------------------------+\r\n| ``pypi``      | ``releases: latest``   | |pypi releases: latest|     |\r\n+---------------+------------------------+-----------------------------+\r\n| ``pypi``      | ``downloads``          | |pypi - downloads|          |\r\n+---------------+------------------------+-----------------------------+\r\n| ``pypi``      | ``dl: month``          | |PyPI|                      |\r\n+---------------+------------------------+-----------------------------+\r\n| ``pypi``      | ``dl: week``           | |PyPI|                      |\r\n+---------------+------------------------+-----------------------------+\r\n| ``pypi``      | ``dl: day``            | |PyPI|                      |\r\n+---------------+------------------------+-----------------------------+\r\n\r\n**REFERENCE / LINKS**\r\n\r\n-  `package (pypi) <http://packages.python.org/flask-xsrf>`__\r\n-  `docs (readthedocs) <https://readthedocs.org/projects/flask-xsrf/>`__\r\n-  `wiki\r\n   (github) <https://github.com/gregorynicholas/flask-xsrf/wiki>`__\r\n-  `source (github) <http://github.com/gregorynicholas/flask-xsrf>`__\r\n-  `releases\r\n   (github) <https://github.com/gregorynicholas/flask-xsrf/releases>`__\r\n-  `changelog\r\n   notes <https://github.com/gregorynicholas/flask-xsrf/blob/master/CHANGES.md>`__\r\n-  `build-status\r\n   (travis-ci) <http://travis-ci.org/gregorynicholas/flask-xsrf>`__\r\n-  `coverage-status\r\n   (coveralls) <https://coveralls.io/github/gregorynicholas/flask-xsrf>`__\r\n-  `contributing\r\n   notes <http://github.com/gregorynicholas/flask-xsrf/wiki>`__\r\n-  `issues\r\n   (github) <https://github.com/gregorynicholas/flask-xsrf/issues>`__\r\n\r\nHOW IT WORKS\r\n~~~~~~~~~~~~\r\n\r\n-  \r\n\r\n**FEATURES**\r\n\r\n-  **timeout** - optionally, you can specify a default time window for\r\n   valid tokens\r\n\r\nUSAGE\r\n~~~~~\r\n\r\n**REQUIREMENTS**\r\n\r\n+--------------+---------------+\r\n| python       | flask         |\r\n+==============+===============+\r\n| ``2.7.6+``   | ``0.11.0+``   |\r\n+--------------+---------------+\r\n\r\n**INSTALLATION**\r\n\r\ninstall with pip (usually recommended to specify a specific version):\r\n\r\n.. code:: sh\r\n\r\n    $ pip install flask-xsrf\r\n    $ pip install flask-xsrf==1.0.3\r\n\r\n**IMPLEMENTATION**\r\n\r\nimplementation of the library with your flask app breaks down into four\r\nsteps.\r\n\r\n1: add a ``secret_key`` to your flask app config object:\r\n\r\n.. code:: py\r\n\r\n    from flask import Flask\r\n\r\n    flask_app = Flask(__name__)\r\n    flask_app.secret_key = '<:session_secret_key>'\r\n    flask_app.config['session_cookie_secure'] = True\r\n    flask_app.config['remember_cookie_name'] = 'testdomain.com'\r\n    flask_app.config['remember_cookie_duration_in_days'] = 1\r\n\r\n2: create an instance of an ``XSRFTokenHandler`` object, and specify a\r\nmethod/callable which will be used as a getter by the token handler to\r\nget a ``user_id``. optionally, you can assign auto-generated id's for\r\nanonymous requests. lastly, you may specify a default ``timeout``, in\r\nnumber of seconds, to expire tokens after a specific the amount of time:\r\n\r\n.. code:: py\r\n\r\n    from flask import Response\r\n    from flask import session\r\n    import flask_xsrf as xsrf\r\n\r\n    @flask_app.before_request\r\n    def before_request():\r\n      if 'user_id' not in session:\r\n        session['user_id'] = 'random_generated_anonymous_id'\r\n\r\n    def get_user_id():\r\n      return session.get('user_id')\r\n\r\n    xsrf_handler = xsrf.XSRFTokenHandler(\r\n      user_fn=get_user_id, secret='xsrf_secret', timeout=3600)\r\n\r\n*NOTE: currently, usage of the ``session`` is required (`see TODO notes\r\nbelow <#todo>`__).*\r\n\r\n3: decorate ``GET`` request-handlers to send a generated token:\r\n\r\n.. code:: py\r\n\r\n    @flask_app.route('/test', methods=['GET'])\r\n    @xsrf_handler.send_token()\r\n    def test_get():\r\n      return Response('success')\r\n\r\n4: decorate ``POST`` request-handlers to receive, validate sent tokens:\r\n\r\n.. code:: py\r\n\r\n    @flask_app.route('/test', methods=['POST'])\r\n    @xsrf_handler.handle_token()\r\n    def test_post():\r\n      return Response('success')\r\n\r\n ##### TO SUMMARIZE\r\n\r\nthat's all there is to it. please feel free to contact me\r\ngn@gregorynicholas.com or to `submit an issue on\r\ngithub <https://github.com/gregorynicholas/flask-xsrf/issues>`__ for any\r\nquestions or help. however, creating a fork and submitting pull-requests\r\nare much preferred. contributions will be very much appreciated.\r\n\r\nCONTRIBUTING\r\n~~~~~~~~~~~~\r\n\r\n**STAR, FORK THIS PROJECT**\r\n\r\n+--------------------+--------------------+\r\n| ``github forks``   | ``github stars``   |\r\n+====================+====================+\r\n| |github forks|     | |github stars|     |\r\n+--------------------+--------------------+\r\n\r\nTODOs\r\n^^^^^\r\n\r\n-  add feature: enable checking of referer headers / client ip-address\r\n-  remove hard-coded dependency / usage of ``session``.\r\n-  add feature: enable storage of tokens in cookie.\r\n\r\n   -  this might help ease implementation, as the client would not have\r\n      to manually manage passing of tokens to server.\r\n\r\n.. |flask| image:: https://cloud.githubusercontent.com/assets/407650/15803510/2d4f594a-2a96-11e6-86e0-802592e17aca.png\r\n   :target: http://flask.pocoo.org\r\n.. |python| image:: https://cloud.githubusercontent.com/assets/407650/15803508/24d88944-2a96-11e6-9912-c696d9fc3912.png\r\n   :target: http://www.python.org\r\n.. |csrf| image:: https://cloud.githubusercontent.com/assets/407650/15803506/1c76e002-2a96-11e6-881e-969ef407839a.png\r\n   :target: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)\r\n.. |travis-ci (build-status): master| image:: https://secure.travis-ci.org/gregorynicholas/flask-xsrf.svg?branch=master\r\n   :target: https://travis-ci.org/gregorynicholas/flask-xsrf/builds\r\n.. |travis-ci (build-status): develop| image:: https://secure.travis-ci.org/gregorynicholas/flask-xsrf.svg?branch=develop\r\n   :target: https://travis-ci.org/gregorynicholas/flask-xsrf/builds\r\n.. |coveralls.io (coverage-status): master| image:: https://coveralls.io/repos/github/gregorynicholas/flask-xsrf/badge.svg?branch=master\r\n   :target: https://coveralls.io/github/gregorynicholas/flask-xsrf?branch=master\r\n.. |coveralls.io (coverage-status): develop| image:: https://coveralls.io/repos/github/gregorynicholas/flask-xsrf/badge.svg?branch=develop\r\n   :target: https://coveralls.io/github/gregorynicholas/flask-xsrf?branch=develop\r\n.. |landscape (code-health): master| image:: https://landscape.io/github/gregorynicholas/flask-xsrf/master/landscape.svg?style=flat-square\r\n   :target: https://landscape.io/github/gregorynicholas/flask-xsrf/master\r\n.. |landscape: (code-health): develop| image:: https://landscape.io/github/gregorynicholas/flask-xsrf/develop/landscape.svg?style=flat-square\r\n   :target: https://landscape.io/github/gregorynicholas/flask-xsrf/develop\r\n.. |github tags| image:: https://img.shields.io/github/tag/gregorynicholas/flask-xsrf.svg?maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf/tags\r\n.. |github releases: all| image:: https://img.shields.io/github/downloads/atom/atom/total.svg?maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf/releases\r\n.. |github releases: latest| image:: https://img.shields.io/github/downloads/gregorynicholas/flask-xsrf/1.0.2/total.svg?maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf/releases/latest\r\n.. |pypi releases: latest| image:: https://img.shields.io/pypi/v/flask-xsrf.svg\r\n   :target: https://pypi.python.org/pypi/flask-xsrf\r\n.. |pypi - downloads| image:: https://img.shields.io/pypi/dm/flask-xsrf.svg\r\n   :target: https://pypi.python.org/pypi/flask-xsrf\r\n.. |PyPI| image:: https://img.shields.io/pypi/dm/Django.svg?maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf\r\n.. |PyPI| image:: https://img.shields.io/pypi/dw/Django.svg?maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf\r\n.. |PyPI| image:: https://img.shields.io/pypi/dd/Django.svg?maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf\r\n.. |github forks| image:: https://img.shields.io/github/forks/gregorynicholas/flask-xsrf.svg?style=social&label=Fork&maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf/fork\r\n.. |github stars| image:: https://img.shields.io/github/stars/gregorynicholas/flask-xsrf.svg?style=social&label=Star&maxAge=2592000?style=flat-square\r\n   :target: https://github.com/gregorynicholas/flask-xsrf/stargazers",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "https://github.com/gregorynicholas/flask-xsrf/archive/master.zip",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "http://github.com/gregorynicholas/flask-xsrf",
        "keywords": "",
        "license": "MIT",
        "maintainer": "",
        "maintainer_email": "",
        "name": "flask-xsrf",
        "package_url": "https://pypi.org/project/flask-xsrf/",
        "platform": "any",
        "project_url": "https://pypi.org/project/flask-xsrf/",
        "project_urls": {
            "Download": "https://github.com/gregorynicholas/flask-xsrf/archive/master.zip",
            "Homepage": "http://github.com/gregorynicholas/flask-xsrf"
        },
        "release_url": "https://pypi.org/project/flask-xsrf/1.0.2/",
        "requires_dist": null,
        "requires_python": null,
        "summary": "flask extension for defending against cross-site request forgery attacks (xsrf/csrf), by protecting flask endpoints with uniquely generated tokens for each request.",
        "version": "1.0.2"
    },
    "last_serial": 2157888,
    "releases": {
        "1.0.0": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "5f1d00b2741c3e842e9beb66d7177e6f",
                    "sha256": "63da48b290fbdd1767fa092689a2c7cd9b7d3f923f3089683c09f69292008d29"
                },
                "downloads": -1,
                "filename": "flask-xsrf-1.0.0.tar.gz",
                "has_sig": false,
                "md5_digest": "5f1d00b2741c3e842e9beb66d7177e6f",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 3620,
                "upload_time": "2013-01-15T01:54:25",
                "url": "https://files.pythonhosted.org/packages/af/7e/7b5f6d698e3b6f74a768c3932072d49b1a19e4d39b2242f44d0777576c26/flask-xsrf-1.0.0.tar.gz"
            }
        ],
        "1.0.1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "89c42c467d29bb083f20d4dcb72b3c6f",
                    "sha256": "f4ad3e72b808a93a992d225e53e6fed01f205ab6572e69befddc40167f155d92"
                },
                "downloads": -1,
                "filename": "flask-xsrf-1.0.1.tar.gz",
                "has_sig": false,
                "md5_digest": "89c42c467d29bb083f20d4dcb72b3c6f",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 3644,
                "upload_time": "2013-03-17T01:38:20",
                "url": "https://files.pythonhosted.org/packages/09/5b/e90a4af943fc9772b4d1834de0d95fcd9d679b98703d90acfd2b6ec0e43c/flask-xsrf-1.0.1.tar.gz"
            }
        ],
        "1.0.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "bd62c6a100d5a07d6902230ed62fe2dc",
                    "sha256": "20f448d8d01b129a3a38c4422c537081e0e58eb808506d9e1aea563ba962737c"
                },
                "downloads": -1,
                "filename": "flask-xsrf-1.0.2.tar.gz",
                "has_sig": false,
                "md5_digest": "bd62c6a100d5a07d6902230ed62fe2dc",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 6412,
                "upload_time": "2016-02-29T20:39:58",
                "url": "https://files.pythonhosted.org/packages/f7/69/54d6356f2590e9b5fb2a0e9589928a2c2ea3fa242ae650090d301a11d205/flask-xsrf-1.0.2.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "bd62c6a100d5a07d6902230ed62fe2dc",
                "sha256": "20f448d8d01b129a3a38c4422c537081e0e58eb808506d9e1aea563ba962737c"
            },
            "downloads": -1,
            "filename": "flask-xsrf-1.0.2.tar.gz",
            "has_sig": false,
            "md5_digest": "bd62c6a100d5a07d6902230ed62fe2dc",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 6412,
            "upload_time": "2016-02-29T20:39:58",
            "url": "https://files.pythonhosted.org/packages/f7/69/54d6356f2590e9b5fb2a0e9589928a2c2ea3fa242ae650090d301a11d205/flask-xsrf-1.0.2.tar.gz"
        }
    ]
}