v1.1.0

What's Changed

• fix typo in permissions_policy examples by @mmmaaatttttt in #25
• Disable X-XSS protection by default by @Jonakemon in #28
• Add Permissions Policy directive browsing-topics by @bershanskiy in #24

New Contributors

• @mmmaaatttttt made their first contribution in #25

Full Changelog: v1.0.0...v1.1.0

v1.0.0

What's Changed

• Increase default nonce size by @tunetheweb in #15
• Deprecate Python 2.x support by @eelkevdbos in #17
• Add the new default directive to the README by @QEDK in #16
• Document disabling Content Security Policy by @strugee in #18
• Remove obsolete Permissions Policy directive interest-cohort by @bershanskiy in #21

New Contributors

• @QEDK made their first contribution in #16
• @strugee made their first contribution in #18
• @eelkevdbos made their first contribution in #17
• @bershanskiy made their first contribution in #21

Full Changelog: v0.8.1...v1.0.0

v0.8.1

Fixed

• CSP nonces were applied to all directives, instead of only the specified directives (#13), thanks @tunetheweb for fixing

v0.8.0

NOTE: This is the first release after the project was forked from GoogleCloudPlatform/flask-talisman.

Changes

• object-src is now a default CSP directive with value 'none'. @QEDK (#2)
• Document Policy and Permissions Policy are now supported. @tunetheweb (#3)
• The ingest cohort directive for Permissions Policy is by default turned off (#3)
• You can now disable the X-Content-Type-Options and X-XSS-Protection headers. By default they're turned on. @ezelbanaan (#4)
• You can now specify SameSite attributes for session cookies; by default that's set to Lax. @tylersalminen #5
• You can now customize nonce configuration per view / route. @tunetheweb (#6)
• The length of the CSP nonce is now properly limited. @tunetheweb
• Removed the legacy X-Content-Security-Policy header and its associated option, legacy_content_security_policy_header.

For maintainers

• Moved CI / CD to Github Actions from Travis (#1)
• Removed Python 3.4 from CI (#1)
• Increased line length to 120 (#1)