Release v0.8.0

[Jonakemon]

Once #7 is done, we can release v0.8.0. Release should be done by adding a new release in Github; you can add this changelog to the release notes. Alternatively, give me a 👍 and I'll make the release once you approved of the PR.

v0.8.0

Changes

• object-src is now a default CSP directive with value 'none'. @QEDK (Set object-src to none by default #2)
• Document Policy and Permissions Policy are now supported. @tunetheweb (Add Permissions-Policy and Document-Policy, disable FLoC by default #3)
• The ingest cohort directive for Permissions Policy is by default turned off (Add Permissions-Policy and Document-Policy, disable FLoC by default #3)
• You can now disable the X-Content-Type-Options and X-XSS-Protection headers. By default they're turned on. @ezelbanaan (Adds the option to disable the x-content-type-options header  #4)
• You can now specify SameSite attributes for session cookies; by default that's set to Lax. @tylersalminen Implement default session cookie samesite attribute as Lax #5
• You can now customize nonce configuration per view / route. @tunetheweb (Allow per-view CSP nonce configuration  #6)
• The length of the CSP nonce is now properly limited. @tunetheweb
• Removed the legacy X-Content-Security-Policy header and its associated option, legacy_content_security_policy_header.

For maintainers

• Moved CI / CD to Github Actions from Travis (Add newer Python versions to test, update Python version for linting to 3.9 and add Gh Actions for CI #1)
• Removed Python 3.4 from CI (Add newer Python versions to test, update Python version for linting to 3.9 and add Gh Actions for CI #1)
• Increased line length to 120 (Add newer Python versions to test, update Python version for linting to 3.9 and add Gh Actions for CI #1)

[QEDK]

Appreciate the work! 🚀

[tunetheweb]

There were a few other changes merged to the Google branch after the 0.7.0 release that should probably be mentioned in the 0.8.0 release notes since they will be included in this. The main ones were:

• Restrict CSP NONCE to correct length GoogleCloudPlatform/flask-talisman#56
• Remove X-Content-Security-Policy GoogleCloudPlatform/flask-talisman#60

Plus a few minor clean ups that maybe aren’t worth mentioning.

[theacodes]

I added those to the changelog above.