From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id 4Gq6CdxXGmTnAwEASxT56A (envelope-from ) for ; Wed, 22 Mar 2023 02:20:28 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id MIvwCNxXGmQFggEAG6o9tA (envelope-from ) for ; Wed, 22 Mar 2023 02:20:28 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id DFAC91F7E8 for ; Wed, 22 Mar 2023 02:20:27 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=hGnlbVXI; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1679448027; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=NqE6fxSQGI7+KJdtJvej1kx1pru/Zhtxqd88XrzPRj8=; b=sCq+9VGVwFUfkyr83VUKZcZdvo+Hnee9dLeG88O8pTrP5KNXpedF6KrEFqUjcoCrFKjPzH UiyCvcxtiq5KmPnJK2PisnN5hG5JZ1o6pvxvKyL97p0n0C4pHqnrpbyLmHgMS1959uIByA yRe3CgpuLVgsUITHOAhurz/1MPwpmX9ftxXWQKImewixlMAK4ffpOgFzmVVVXSHBLcrSvL z9v2XTV0pcXfibs5CmassA+EPhZ3CTGw6UJwDnXLs7lZahbuuGv4vFmDMYkuentUgg5Wx9 FR2KpqnXPHhPsqf8ruK0VjHbRQhLno6LQh2qImtm36wD5mZiegH8oKC11Up0MQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=hGnlbVXI; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1679448027; a=rsa-sha256; cv=none; b=XdCPfBXIZdfajfzETnA+xfHTB/PPM2ITQLfu0HgZgBDnfR0ofZKNc8Kb8dZzgOjyy0S7js t/ZTGFbeaacvbXyohFaxHJMd+QwTAjcCpkplrHwsJk2KZNIna8v4BRtefH0QSzonhwTute G5VNL4uCIlddF9mhh3kMPxR2YoLRcPoEPENdKqLdyiq0K/3Teu/+eBvrzZd1Z2VmK7CG26 A8BZAoJ1UFPCvAE9faHPSnm+sKef0YlOz0qScapL6Ih88p/2pERLcPJFtCYnIifT5akKbE BrX7n5QC3uh153Tqq9Y+qldaD/38fKi6XSPWgc4ie38Fc2V5DrAwGolRchJ1BA== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pen93-0007ej-R7; Tue, 21 Mar 2023 21:20:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pen91-0007eR-Se for guix-patches@gnu.org; Tue, 21 Mar 2023 21:20:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pen90-0006Jq-B9 for guix-patches@gnu.org; Tue, 21 Mar 2023 21:20:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pen90-0003CV-0z for guix-patches@gnu.org; Tue, 21 Mar 2023 21:20:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#60838] [PATCH 0/8] Add datasette and python-sqlite-utils. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 22 Mar 2023 01:20:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 60838 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Felix Gruber Cc: 60838@debbugs.gnu.org Received: via spool by 60838-submit@debbugs.gnu.org id=B60838.167944799012275 (code B ref 60838); Wed, 22 Mar 2023 01:20:01 +0000 Received: (at 60838) by debbugs.gnu.org; 22 Mar 2023 01:19:50 +0000 Received: from localhost ([127.0.0.1]:33007 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pen8o-0003Bv-AG for submit@debbugs.gnu.org; Tue, 21 Mar 2023 21:19:50 -0400 Received: from mail-lf1-f50.google.com ([209.85.167.50]:46805) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pen8m-0003Bg-Fi for 60838@debbugs.gnu.org; Tue, 21 Mar 2023 21:19:49 -0400 Received: by mail-lf1-f50.google.com with SMTP id j11so21415125lfg.13 for <60838@debbugs.gnu.org>; Tue, 21 Mar 2023 18:19:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679447982; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=NqE6fxSQGI7+KJdtJvej1kx1pru/Zhtxqd88XrzPRj8=; b=hGnlbVXINDs+8zuw9ZUbxmblu6JzP+EBiItYeQbNydvj2e+mpKutJquBh/48eSP7kj SCM4j91jg1oHQICEr78Khc3/2BE9nAUzorxDJa2BGxxAE5Na6YslN/5U4mHQnvvdvyc3 JL/SLv1nQlVLTy6rV/OzfO3VM4lJRjvvDtsFCzHita9Mop+5kMcgq3EqlHd0EHgf5OP+ akIR0wcNY85134Hd7p5EGB3oDe+M24upBbxzettRFxpelUPsEv0O0LUMXjLoD1Y3cful 8ONXNI+3Wq5SwWCHwmRQ6d+9ruXG7ChHAYls4wVyWIJehV28XLwNqusWjQQAgmXvaVvt 2wgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679447982; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=NqE6fxSQGI7+KJdtJvej1kx1pru/Zhtxqd88XrzPRj8=; b=EckcwjLxuE4mulZskdJoZnkgq7F3vA4m/XW9ojEFldPZ50EbmnEPLKbPS1iNnKh0KY WQZ/WzmELVSrn7FEahYcuyHplnV5YYe+c4PplSyhhtmS93YS9QuPAnoCDnweYLzvC1pU 2jP7/mHjeLXidPcyYqBo9Z16vUwGac53MgzFLV6lQlS/JiIlkuUyIxawnjtbvtM7Jvee LojSfidE28SfOk0/cF1OUH1BXj2mvKBOffL2QASvloHAbZ8CAlGpCCA+wDSmeTapgdS+ wmGUSYBwcIEZg9kLbabJ3X0M2VRslfamMXwkvioIezWlFnfbEIpdbOD3hwmHRYQVG2C8 sAUQ== X-Gm-Message-State: AO0yUKUvwRVloBDKica8wYrvE8BJJRGWmOp5yg+R7Y57tDf2za8Ac42S h8i08UIvVNRw/t5w4Ubw47UHurqz1ffvzw== X-Google-Smtp-Source: AK7set99AJsqStxX5WNG10J4CbqPWSD9YGQ9hy6zMUJvKiGCNiWk24gf6SymXzERFAPoMx99g+7Xbw== X-Received: by 2002:ac2:4462:0:b0:4db:4530:2b2d with SMTP id y2-20020ac24462000000b004db45302b2dmr1390106lfl.49.1679447981907; Tue, 21 Mar 2023 18:19:41 -0700 (PDT) Received: from hurd (dsl-10-130-195.b2b2c.ca. [72.10.130.195]) by smtp.gmail.com with ESMTPSA id f24-20020ac25338000000b004e8448de1c0sm2403106lfh.10.2023.03.21.18.19.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Mar 2023 18:19:41 -0700 (PDT) From: Maxim Cournoyer References: <20230115214753.25034-1-felgru@posteo.net> <1d28cdf8dfc8a8d9b9f593ef8efcdbe92c68f355.1679080713.git.felgru@posteo.net> Date: Tue, 21 Mar 2023 21:19:38 -0400 In-Reply-To: <1d28cdf8dfc8a8d9b9f593ef8efcdbe92c68f355.1679080713.git.felgru@posteo.net> (Felix Gruber's message of "Fri, 17 Mar 2023 19:19:20 +0000") Message-ID: <87v8itk2fp.fsf_-_@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: X-Migadu-Queue-Id: DFAC91F7E8 X-Spam-Score: -2.95 X-Migadu-Spam-Score: -2.95 X-Migadu-Scanner: scn0.migadu.com List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-TUID: FJ2oArGfeGb8 Hi, Felix Gruber writes: > * gnu/packages/python-web.scm (python-asgi-csrf): New variable. > --- > gnu/packages/python-web.scm | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > > diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm > index 83e7d77da8..8c172d64c9 100644 > --- a/gnu/packages/python-web.scm > +++ b/gnu/packages/python-web.scm > @@ -570,6 +570,31 @@ (define-public python-asgiref > WSGI. This package includes libraries for implementing ASGI servers.") > (license license:bsd-3))) > > +(define-public python-asgi-csrf > + (package > + (name "python-asgi-csrf") > + (version "0.9") > + (source (origin > + (method url-fetch) > + (uri (pypi-uri "asgi-csrf" version)) > + (sha256 > + (base32 > + "06klgxfxzjfkyjky3rkvmf2r07r7r2my53qq7g9qy6mcmvfkp7bf")))) > + (build-system python-build-system) > + (propagated-inputs (list python-itsdangerous python-multipart)) > + (native-inputs (list python-asgi-lifespan > + python-httpx > + python-pytest > + python-pytest-asyncio > + python-pytest-cov > + python-starlette)) > + (home-page "https://github.com/simonw/asgi-csrf") > + (synopsis "ASGI middleware for protecting against CSRF attacks") > + (description "This middleware implements the Double Submit Cookie > +pattern, where a cookie is set that is then compared to a csrftoken > +hidden form field or a x-csrftoken HTTP header.") > + (license license:asl2.0))) Please define ASGI and CSRF in full, at least in the description. I'd also adorn the 'csrftoken' and 'x-csrftoken' words with @code. -- Thanks, Maxim