feat: add security headers middleware with report-only CSP

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 02:38:42 +00:00
parent 24acfc9a45
commit 2f18056fd1
4 changed files with 130 additions and 0 deletions


@@ -28,6 +28,7 @@ if settings.SENTRY_DSN:
from app.core.database import init_db, async_session_maker
from app.core.logging_config import setup_logging
from app.core.middleware import RequestLoggingMiddleware, ErrorLoggingMiddleware
from app.core.security_headers import SecurityHeadersMiddleware
from app.core.rate_limit import limiter
from app.api.router import api_router
from app.core.scheduler import scheduler, load_all_schedules, _cleanup_expired_ai_conversations
@@ -234,6 +235,9 @@ else:
expose_headers=["X-Redaction-Mode", "X-Redaction-Summary"],
)
# Add security headers middleware (after CORS so preflight responses work)
app.add_middleware(SecurityHeadersMiddleware)
# Include API router
app.include_router(api_router, prefix=settings.API_V1_PREFIX)
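Review bot: The comment above `app.add_middleware(SecurityHeadersMiddleware)` gives the wrong reason for the ordering: Starlette's `add_middleware` prepends, so the middleware added last is the outermost layer, which runs first on the request and last on the response, and adding it after CORS means the short-circuited preflight responses produced by CORSMiddleware also pass through it and get the headers — not that preflight would otherwise break. Suggest `# Added after CORS so it wraps it (Starlette runs the most recently added middleware outermost) and the headers are stamped on preflight responses too.` One gap this placement does not close: 500 responses synthesized by Starlette's built-in ServerErrorMiddleware for unhandled exceptions are generated outside the user middleware stack, so they will not carry these headers unless the middleware (its definition is not in this view) handles that explicitly; a test for an unhandled-exception route is worth adding. Since the title says CSP ships report-only, nothing is enforced until it moves to `Content-Security-Policy`, and the report-only phase only yields signal if the policy names a `report-to`/`report-uri` target that actually exists.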