From 23c48234daf953fafa6cff034bac943243de4ad4 Mon Sep 17 00:00:00 2001 From: David Buxton Date: Fri, 6 Oct 2023 14:08:48 +0100 Subject: [PATCH] Fix compatibility with Flask 3 - Require Flask 2.x or later. - Pin Flask-Seasurf to GitHub commit. - Add Python 3.11, remove 3.7 from test matrix. - Fix headers test for latest Flask-Talisman changes. --- .github/workflows/ci.yaml | 2 +- noxfile.py | 6 ++++-- requirements.txt | 4 ++-- src/securescaffold/tests/test_factory.py | 2 +- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 55e470e..6aa431f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,7 +5,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ['3.7', '3.8', '3.9', '3.10'] + python-version: ['3.8', '3.9', '3.10', '3.11'] steps: - uses: actions/checkout@v3 - uses: actions/setup-python@v4 diff --git a/noxfile.py b/noxfile.py index 9c5c7fa..2b0977b 100644 --- a/noxfile.py +++ b/noxfile.py @@ -18,8 +18,10 @@ nox.options.default_venv_backend = "venv" -@nox.session(python=["3.7", "3.8", "3.9", "3.10"]) -def tests(session): +@nox.session(python=["3.8", "3.9", "3.10", "3.11"]) +@nox.parametrize("flask", ["2", "3"]) +def tests(session, flask): session.install("pytest") + session.install(f"flask~={flask}.0") session.install(".") session.run("pytest", "--disable-warnings") diff --git a/requirements.txt b/requirements.txt index 3b74d59..5536f21 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -Flask +Flask>=2.0 flask-talisman -flask-seasurf +flask-seasurf @ https://github.com/maxcountryman/flask-seasurf/archive/f383b482c69e0b0e8064a8eb89305cea3826a7b6.zip google-cloud-ndb diff --git a/src/securescaffold/tests/test_factory.py b/src/securescaffold/tests/test_factory.py index 709197d..c2d6ad4 100644 --- a/src/securescaffold/tests/test_factory.py +++ b/src/securescaffold/tests/test_factory.py @@ -81,7 +81,7 @@ def test_create_app_adds_other_security_headers(ndb_client): assert response.headers["Referrer-Policy"] == "strict-origin-when-cross-origin" assert response.headers["X-Content-Type-Options"] == "nosniff" assert response.headers["X-Frame-Options"] == "SAMEORIGIN" - assert response.headers["X-Xss-Protection"] == "1; mode=block" + assert "X-Xss-Protection" not in response.headers def test_extra_flask_args(ndb_client):