@@ -570,6 +570,33 @@ (define-public python-asgiref
WSGI. This package includes libraries for implementing ASGI servers.")
(license license:bsd-3)))
+(define-public python-asgi-csrf
+ (package
+ (name "python-asgi-csrf")
+ (version "0.9")
+ (source (origin
+ (method url-fetch)
+ (uri (pypi-uri "asgi-csrf" version))
+ (sha256
+ (base32
+ "06klgxfxzjfkyjky3rkvmf2r07r7r2my53qq7g9qy6mcmvfkp7bf"))))
+ (build-system python-build-system)
+ (propagated-inputs (list python-itsdangerous python-multipart))
+ (native-inputs (list python-asgi-lifespan
+ python-httpx
+ python-pytest
+ python-pytest-asyncio
+ python-pytest-cov
+ python-starlette))
+ (home-page "https://github.com/simonw/asgi-csrf")
+ (synopsis "ASGI middleware for protecting against CSRF attacks")
+ (description "This Asynchronous Server Gateway Interface (ASGI)
+middleware protects against Cross-site request forgery (CSRF) attacks.
+It implements the Double Submit Cookie pattern, where a cookie is set
+that is then compared to a @code{csrftoken} hidden form field or a
+@code{x-csrftoken} HTTP header.")
+ (license license:asl2.0)))
+
(define-public python-asgi-lifespan
(package
(name "python-asgi-lifespan")