GNU bug report logs - #60838
[PATCH 0/8] Add datasette and python-sqlite-utils.

Previous Next

Package: guix-patches;

Reported by: Felix Gruber <felgru <at> posteo.net>

Date: Sun, 15 Jan 2023 21:49:01 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #77 received at 60838 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Felix Gruber <felgru <at> posteo.net>
Cc: 60838 <at> debbugs.gnu.org
Subject: Re: bug#60838: [PATCH 0/8] Add datasette and python-sqlite-utils.
Date: Tue, 21 Mar 2023 21:19:38 -0400

Hi,

Felix Gruber <felgru <at> posteo.net> writes:

> * gnu/packages/python-web.scm (python-asgi-csrf): New variable.
> ---
>  gnu/packages/python-web.scm | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
>
> diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
> index 83e7d77da8..8c172d64c9 100644
> --- a/gnu/packages/python-web.scm
> +++ b/gnu/packages/python-web.scm
> @@ -570,6 +570,31 @@ (define-public python-asgiref
>  WSGI.  This package includes libraries for implementing ASGI servers.")
>      (license license:bsd-3)))
>  
> +(define-public python-asgi-csrf
> +  (package
> +    (name "python-asgi-csrf")
> +    (version "0.9")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (pypi-uri "asgi-csrf" version))
> +              (sha256
> +               (base32
> +                "06klgxfxzjfkyjky3rkvmf2r07r7r2my53qq7g9qy6mcmvfkp7bf"))))
> +    (build-system python-build-system)
> +    (propagated-inputs (list python-itsdangerous python-multipart))
> +    (native-inputs (list python-asgi-lifespan
> +                         python-httpx
> +                         python-pytest
> +                         python-pytest-asyncio
> +                         python-pytest-cov
> +                         python-starlette))
> +    (home-page "https://github.com/simonw/asgi-csrf")
> +    (synopsis "ASGI middleware for protecting against CSRF attacks")
> +    (description "This middleware implements the Double Submit Cookie
> +pattern, where a cookie is set that is then compared to a csrftoken
> +hidden form field or a x-csrftoken HTTP header.")
> +    (license license:asl2.0)))

Please define ASGI and CSRF in full, at least in the description.
I'd also adorn the 'csrftoken' and 'x-csrftoken' words with @code.

-- 
Thanks,
Maxim
This bug report was last modified 2 years and 50 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.