Bug#1042561: ITP: asgi-csrf -- ASGI middleware for protecting against CSRF attacks

2023-07-30 Thread Edward Betts 
Package: wnpp
Severity: wishlist
Owner: Edward Betts 
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-pyt...@lists.debian.org

* Package name: asgi-csrf
  Version : 0.9
  Upstream Author : Simon Willison
* URL : https://github.com/simonw/asgi-csrf
* License : Apache-2.0
  Programming Lang: Python
  Description : ASGI middleware for protecting against CSRF attacks

  Python library that provides Cross-Site Request Forgery (CSRF) protection
  for ASGI (Asynchronous Server Gateway Interface) applications. It helps
  secure web applications from CSRF attacks by adding middleware that
  validates and protects against unauthorized requests.
  .
  Features:
  .
- Adds CSRF protection to ASGI applications.
- Supports popular ASGI frameworks like FastAPI and Starlette.
- Integrates seamlessly into existing ASGI application pipelines.
- Provides configurable settings for token generation and validation.
- Allows for exclusion of specific routes or URLs from CSRF protection.
- Ensures stateless and secure CSRF protection in asynchronous web
  environments.
  .
  CSRF attacks are a common security concern for web applications, and the
  asgi-csrf library aims to provide a straightforward solution for adding
  protection to ASGI-based applications, ensuring that users' interactions
  are safe and authenticated.

I plan to maintain this package as part of the Python team.

Re: Help with the nftables package: the embedded python module

2023-07-30 Thread Jeremy Sowden 
On 2023-07-28, at 18:59:45 +0200, Timo Röhling wrote:
> * Arturo Borrero Gonzalez  [2023-07-28 18:38]:
> > I would appreciate additional suggestions and hints. Patches welcome.
>
> If you have bad interactions between the Python and non-Python parts
> of your package, you can try and build them independently, i.e.,
> 
> override_dh_auto_build:
> dh_auto_build --package=python3-nftables --sourcedirectory=py 
> --buildsystem=pybuild
>   dh_auto_build --remaining-packages
> 
> and similar for the other dh_auto_* commands. I did something like
> that for tinyobjloader and it worked quite nicely.

Thanks for the pointer, Timo.  This does seem to do the trick.

Arturo, I'll push the changes to Salsa.

J.


signature.asc
Description: PGP signature