{
"info": {
"author": "Denis Krienb\u00fchl",
"author_email": "denis@href.ch",
"bugtrack_url": null,
"classifiers": [
"Intended Audience :: Developers",
"License :: OSI Approved :: BSD License",
"Programming Language :: Python",
"Programming Language :: Python :: 3",
"Topic :: Software Development :: Libraries :: Python Modules"
],
"description": "\n\nUsage\n-----\n\nTo protect all views with a default content security policy:\n\n.. code-block:: python\n\n from morepath import App\n from more.content_security import ContentSecurityApp\n from more.content_security import ContentSecurityPolicy\n from more.content_security import SELF\n\n class MyApp(App, ContentSecurityApp):\n pass\n\n @MyApp.setting('content_security_policy', 'default')\n def default_policy():\n return ContentSecurityPolicy(\n default_src={SELF},\n script_src={SELF, 'https://analytics.example.org'}\n )\n\nTo extend the default policy for the default view of a model:\n\n.. code-block:: python\n\n @MyApp.view(model=Document)\n def view_document(self, request):\n\n # the actual default policy is not modified here!\n request.content_security_policy.script_src.add('https://cdnjs.com')\n\n ....\n\nWe can also use a completely different policy:\n\n.. code-block:: python\n\n @MyApp.view(model=Document)\n def view_document(self, request):\n request.content_security_policy = ContentSecurityPolicy()\n\nAdditionally, we can use nonces in inline scripty/stylesheets. Those will\nautomatically be added to the 'script-src', 'style-src' directives:\n\n.. code-block:: python\n\n @MyApp.html(model=Document)\n def view_document(self, request):\n return \"\"\"\n \n ...\n\n \n \n \"\"\".format(request.content_security_policy_nonce('script'))\n\nNote that we use a custom request class for nonces. If you have your own,\nyou need to extend it as follows:\n\n.. code-block:: python\n\n from morepath.request import Request\n from more.content_security import ContentSecurityRequest\n\n class CustomRequest(Request, ContentSecurityRequest):\n pass\n\n class MyApp(App, ContentSecurityApp):\n request_class = CustomRequest\n\nTo only use the 'Content-Security-Policy-Report-Only' header, use this:\n\n.. code-block:: python\n\n @MyApp.setting('content_security_policy', 'default')\n def default_policy():\n return ContentSecurityPolicy(\n report_only=True,\n default_src={SELF}\n )\n\nRun the Tests\n-------------\n\nInstall tox and run it::\n\n pip install tox\n tox\n\nLimit the tests to a specific python version::\n\n tox -e py27\n\nConventions\n-----------\n\nmore.content_security follows PEP8 as close as possible. To test for it run::\n\n tox -e pep8\n\nmore.content_security uses `Semantic Versioning `_\n\nBuild Status\n------------\n\n.. image:: https://travis-ci.org/morepath/more.content_security.png\n :target: https://travis-ci.org/morepath/more.content_security\n :alt: Build Status\n\nCoverage\n--------\n\n.. image:: https://coveralls.io/repos/morepath/more.content_security/badge.png?branch=master\n :target: https://coveralls.io/r/morepath/more.content_security?branch=master\n :alt: Project Coverage\n\nLatest PyPI Release\n-------------------\n\n.. image:: https://badge.fury.io/py/more.content_security.svg\n :target: https://badge.fury.io/py/more.content_security\n :alt: Latest PyPI Release\n\nLicense\n-------\nmore.content_security is released unter the revised BSD license\n\nChangelog\n---------\n\n0.2.0 (2018-02-02)\n~~~~~~~~~~~~~~~~~~~~~\n\n- Adds the ability to override the policy apply function.\n [href]\n\n- Adds missing UNSAFE_EVAL constant.\n [href]\n\n0.1.0 (2018-02-01)\n~~~~~~~~~~~~~~~~~~~~~\n\n- Initial Release.\n [href]\n\n\n",
"description_content_type": null,
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "http://github.com/seantis/more.content_security",
"keywords": "",
"license": "BSD",
"maintainer": "",
"maintainer_email": "",
"name": "more.content-security",
"package_url": "https://pypi.org/project/more.content-security/",
"platform": "any",
"project_url": "https://pypi.org/project/more.content-security/",
"project_urls": {
"Homepage": "http://github.com/seantis/more.content_security"
},
"release_url": "https://pypi.org/project/more.content-security/0.2.0/",
"requires_dist": [
"morepath",
"coverage; extra == 'test'",
"pytest; extra == 'test'",
"webtest; extra == 'test'"
],
"requires_python": "",
"summary": "Content Security Policy for Morepath",
"version": "0.2.0"
},
"last_serial": 3545452,
"releases": {
"0.1.0": [
{
"comment_text": "",
"digests": {
"md5": "368d21601e2fc9340bdd8fd17c5d43da",
"sha256": "76378e408b5e12e643b231a34f76d47f193f9bec11e0d8afbbf9c9df9e7f445a"
},
"downloads": -1,
"filename": "more.content_security-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "368d21601e2fc9340bdd8fd17c5d43da",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 10980,
"upload_time": "2018-02-01T15:33:00",
"url": "https://files.pythonhosted.org/packages/17/bb/eb2ad12b9073ad0bfc4b2cb646838b153f75cf7357283e789baaa42caad3/more.content_security-0.1.0-py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "4e7b0ee2fa66b6f239fa16d3ceb5094b",
"sha256": "a0252340accfc962059ce976d356c4bdd8366cbc7e185c5f93549cb034f5b0fb"
},
"downloads": -1,
"filename": "more.content_security-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "4e7b0ee2fa66b6f239fa16d3ceb5094b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 6915,
"upload_time": "2018-02-01T15:33:01",
"url": "https://files.pythonhosted.org/packages/b0/1f/722e9bb4c2997492a67ffd00273ffb1b37b461b53470d99a020119491df6/more.content_security-0.1.0.tar.gz"
}
],
"0.2.0": [
{
"comment_text": "",
"digests": {
"md5": "087f4a6b81029d1289c6317e09c057a5",
"sha256": "f3c7d4a732e2e655d5e641e519713014b675a5e0bbe81f7a91e012db6b60cde3"
},
"downloads": -1,
"filename": "more.content_security-0.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "087f4a6b81029d1289c6317e09c057a5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 11177,
"upload_time": "2018-02-02T12:46:29",
"url": "https://files.pythonhosted.org/packages/2b/f2/06a5a4f91787609186e991e22cfb14e05eed560cafe451772986c6bcd3c2/more.content_security-0.2.0-py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "739783e00247957201ad601c459bf083",
"sha256": "6a58d8213bb52acfae6399aa7ffd5f6a32e72aa76dcdbdf6394d37dce4c2f98b"
},
"downloads": -1,
"filename": "more.content_security-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "739783e00247957201ad601c459bf083",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7045,
"upload_time": "2018-02-02T12:46:31",
"url": "https://files.pythonhosted.org/packages/57/68/dcaec1cc884a3defb15b793ab70ea0c7cb195d0a0c994b47fde2c2be54ae/more.content_security-0.2.0.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "087f4a6b81029d1289c6317e09c057a5",
"sha256": "f3c7d4a732e2e655d5e641e519713014b675a5e0bbe81f7a91e012db6b60cde3"
},
"downloads": -1,
"filename": "more.content_security-0.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "087f4a6b81029d1289c6317e09c057a5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 11177,
"upload_time": "2018-02-02T12:46:29",
"url": "https://files.pythonhosted.org/packages/2b/f2/06a5a4f91787609186e991e22cfb14e05eed560cafe451772986c6bcd3c2/more.content_security-0.2.0-py3-none-any.whl"
},
{
"comment_text": "",
"digests": {
"md5": "739783e00247957201ad601c459bf083",
"sha256": "6a58d8213bb52acfae6399aa7ffd5f6a32e72aa76dcdbdf6394d37dce4c2f98b"
},
"downloads": -1,
"filename": "more.content_security-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "739783e00247957201ad601c459bf083",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7045,
"upload_time": "2018-02-02T12:46:31",
"url": "https://files.pythonhosted.org/packages/57/68/dcaec1cc884a3defb15b793ab70ea0c7cb195d0a0c994b47fde2c2be54ae/more.content_security-0.2.0.tar.gz"
}
]
}