Metadata-Version: 2.1
Name: Flask-SecurityTxt
Version: 1.3.3
Summary: Generate security.txt for Flask-based apps.
Author-email: "M. P. van de Weerd" <michael@parcifal.dev>
License: LICENCE
Project-URL: Homepage, https://gitlab.com/parcifal/flask-security-txt
Project-URL: Bug Tracker, https://gitlab.com/parcifal/flask-security-txt/-/issues
Keywords: web,security,security.txt
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Framework :: Flask
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Description-Content-Type: text/markdown
License-File: LICENCE

# Flask-SecurityTxt

Flask-SecurityTxt allows you to generate a security.txt file for your
Flask-based app using minimal configuration. The following values are
automatically generated by default:

 - `Contact`
 - `Expires`
 - `Canonical`

If your app uses Flask-Babel, the `Preferred-Languages` field is derived
from it. Generating a signed security.txt is also possible. To do so,
supply Flask-SecurityTxt with a PGP private key.

## Installation

```bash
pip install flask-securitytxt
```

## Example

```python
from flask import Flask
from flask_security_txt import SecurityTxt

app = Flask(__name__)
security_txt = SecurityTxt(app)
```

## Configuration

| Property                           | Type                | Default                 | Description                                                                                                                                                                                                                                                                              |
|------------------------------------|---------------------|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `SECURITY_TXT_ENDPOINT`            | `str`               | `"security_txt"`        | The name by which the end-point will be known to the Flask-app.                                                                                                                                                                                                                          |
| `WELL_KNOWN_DIR`                   | `str`               | `".well-known"`         | The name of the directory that will contain the security.txt file.                                                                                                                                                                                                                       |
| `SECURITY_TXT_FILE_NAME`           | `str`               | `"security.txt"`        | The name of the security.txt file.                                                                                                                                                                                                                                                       |
| `SECURITY_TXT_SIGN_KEY`            | `str`               | `None`                  | The name of a file containing a GPG-key used for signing the security.txt file.                                                                                                                                                                                                          |
| `SECURITY_TXT_CONTACT`             | `str` `Iterable`    | `None`                  | The value of the `contact` field. An `Iterable` type value will result in multiple `contact` fields. The `contact` field value is automatically generated using `SECURITY_TXT_CONTACT_MAILBOX` if `None`.                                                                                |
| `SECURITY_TXT_CONTACT_MAILBOX`     | `str`               | `"security"`            | The local part of the automatically generated `contact` email address. Only used if `SECURITY_TXT_CONTACT` is `None`.                                                                                                                                                                    |
| `SECURITY_TXT_EXPIRES`             | `str` `datetime`    | `None`                  | The value of the `expires` field. A `datetime` type value will result in an ISO-formatted timestamp string. The `expires` field value is automatically generated using `SECURITY_TXT_EXPIRES_OFFSET` if `None`.                                                                          |
| `SECURITY_TXT_EXPIRES_OFFSET`      | `tuple` `timedelta` | `(0, 0, 0, 0, 0, 0, 1)` | The offset to be applied to `datetime.now()` in order to automatically generate the value of the `expires` field. A `tuple` type will be unpacked and passed to the `timedelta` constructor, which interprets it as days, seconds, microseconds, milliseconds, minutes, hours and weeks. |
| `SECURITY_TXT_ENCRYPTION`          | `str` `Iterable`    | `None`                  | The value of the `encryption` field. An `Iterable` type value will result in multiple `encryption` fields, a value of `None` will omit the `encryption` field.                                                                                                                           |
| `SECURITY_TXT_ACKNOWLEDGMENTS`     | `str` `Iterable`    | `None`                  | The value of the `acknowledgments` field. An `Iterable` type value will result in multiple `acknowledgments` fields, a value of `None` will omit the `acknowledgments` field.                                                                                                            |
| `SECURITY_TXT_PREFERRED_LANGUAGES` | `str` `Iterable`    | `None`                  | The value of the `preferred-languages` field. An `Iterable` type value will result in a comma-separated string. If `None`, the extension attempts to generate the field value automatically from the available translations listed by the `Flask-Babel` extension.                       |
| `SECURITY_TXT_CANONICAL`           | `str`               | `None`                  | The value of the `canonical` field. The `canonical` field value is automatically generated using an HTTPS scheme, the host name of the current request and the URL associated with the security.txt end-point, as named in `SECURITY_TXT_ENDPOINT`.                                       |
| `SECURITY_TXT_POLICY`              | `str` `Iterable`    | `None`                  | The value of the `policy` field. An `Iterable` type value will result in multiple `policy` fields, a value of `None` will omit the `policy` field.                                                                                                                                       |
| `SECURITY_TXT_HIRING`              | `str` `Iterable`    | `None`                  | The value of the `hiring` field. An `Iterable` type value will result in multiple `hiring` fields, a value of `None` will omit the `hiring` field.                                                                                                                                       |

For each property that directly controls the value of a field, a comment can
be added on the preceding line(s) by configuring the property named
`SECURITY_TXT_<PROPERTY>_COMMENT`. Note that it is up to the developer to
add any whitespace and to prepend each line of the comment with a `#`.
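
The following is an added example, not code from the Flask-SecurityTxt project. It shows how a `SECURITY_TXT_EXPIRES_OFFSET` tuple maps onto `timedelta`'s positional arguments (the order is not by magnitude, so a misplaced value silently changes the expiry) and how to pre-format a `_COMMENT` value. The helper names, the `example.org` values, the one-year ceiling (the RFC 9116 recommendation for `Expires`) and the use of `app.config` to apply the result are assumptions.

```python
from datetime import timedelta

# Positional order of timedelta(), as described for SECURITY_TXT_EXPIRES_OFFSET.
TIMEDELTA_ORDER = ("days", "seconds", "microseconds", "milliseconds",
                   "minutes", "hours", "weeks")


def resolve_offset(offset):
    """Return the timedelta a tuple offset unpacks to (a timedelta passes through)."""
    if isinstance(offset, timedelta):
        return offset
    if len(offset) > len(TIMEDELTA_ORDER):
        raise ValueError("timedelta accepts at most 7 positional values")
    return timedelta(*offset)


def check_offset(offset, max_age=timedelta(days=365)):
    """Reject offsets that give an already-expired or overly long-lived file."""
    delta = resolve_offset(offset)
    if delta <= timedelta(0):
        raise ValueError("Expires would not lie in the future")
    if delta > max_age:
        raise ValueError("Expires would lie more than a year ahead")
    return delta


def as_comment(text):
    """Prefix every line with '#'; the extension leaves this to the developer."""
    return "\n".join(f"# {line}".rstrip() for line in text.strip().splitlines())


def build_config():
    """Constructed sample configuration using keys from the table above."""
    offset = (90,)  # index 0 is days, so this is 90 days
    check_offset(offset)
    return {
        "SECURITY_TXT_CONTACT": ["mailto:security@example.org",
                                 "https://example.org/report"],
        "SECURITY_TXT_CONTACT_COMMENT": as_comment(
            "Report vulnerabilities here.\nPlease encrypt sensitive details."),
        "SECURITY_TXT_EXPIRES_OFFSET": offset,
        "SECURITY_TXT_POLICY": "https://example.org/security-policy",
    }

# Assumed usage: app.config.update(build_config())
```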
