Added HTTP Security Headers, for more security
Browse files- backend/app/middleware/security_headers.py +15 -0
- backend/main.py +11 -19
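--- /dev/null
+++ b/backend/app/middleware/security_headers.py
@@ -0,0 +1,15 @@
+from fastapi import Request
+from starlette.middleware.base import BaseHTTPMiddleware
+
+class SecurityHeadersMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        response = await call_next(request)
+
+        response.headers["X-Content-Type-Options"] = "nosniff"
+        response.headers["X-Frame-Options"] = "DENY"
+        response.headers["X-Content-Security-Policy"] = "default-src 'self'"
+        response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
+
+        return response
+
+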
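Review bot: `X-Content-Security-Policy` on new line 10 is the obsolete vendor-prefixed name from the pre-standard era and current browsers ignore it, so the policy is never enforced; the standard header is `response.headers["Content-Security-Policy"] = "default-src 'self'"`. Before switching, check what the frontend actually loads, because a bare `default-src 'self'` blocks inline scripts and styles and any cross-origin assets, and the frontend is not visible in this diff. While here, `frame-ancestors 'none'` in the CSP is the modern complement to `X-Frame-Options: DENY`, and a `Referrer-Policy` header would round out the set. The class has no docstring; something like `"""Attach browser hardening headers to every response passing through the middleware stack."""` on the class would do. Note that browsers only honor Strict-Transport-Security on responses received over HTTPS, so that header has effect only once TLS termination is in place.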
backend/main.py
CHANGED
|
@@ -1,5 +1,4 @@
|
|
| 1 |
-
from
|
| 2 |
-
from fastapi import FastAPI, APIRouter
|
| 3 |
from contextlib import asynccontextmanager
|
| 4 |
from slowapi import _rate_limit_exceeded_handler
|
| 5 |
from slowapi.errors import RateLimitExceeded
|
|
@@ -14,8 +13,7 @@ from app.api.metric_routes import router as metrics_router
|
|
| 14 |
from app.core.logging_middleware import APILoggingMiddleware
|
| 15 |
from app.api.user_routes import router as user_router
|
| 16 |
from app.core.limiter import limiter
|
| 17 |
-
from
|
| 18 |
-
from app.core.exceptions import add_global_exception_handlers
|
| 19 |
|
| 20 |
@asynccontextmanager
|
| 21 |
async def lifespan(app: FastAPI):
|
|
@@ -27,24 +25,18 @@ app = FastAPI(
|
|
| 27 |
lifespan=lifespan
|
| 28 |
)
|
| 29 |
|
| 30 |
-
add_global_exception_handlers(app)
|
| 31 |
-
|
| 32 |
app.state.limiter = limiter
|
| 33 |
-
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
|
| 37 |
-
|
| 38 |
-
|
| 39 |
-
|
| 40 |
-
api_v1_router.include_router(feedback_router)
|
| 41 |
-
api_v1_router.include_router(admin_router)
|
| 42 |
-
api_v1_router.include_router(metrics_router)
|
| 43 |
-
|
| 44 |
-
app.include_router(api_v1_router)
|
| 45 |
app.add_middleware(APILoggingMiddleware)
|
|
|
|
| 46 |
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
|
| 47 |
-
app.add_middleware(
|
| 48 |
|
| 49 |
@app.get("/")
|
| 50 |
def home():
|
|
|
|
| 1 |
+
from fastapi import FastAPI
|
|
|
|
| 2 |
from contextlib import asynccontextmanager
|
| 3 |
from slowapi import _rate_limit_exceeded_handler
|
| 4 |
from slowapi.errors import RateLimitExceeded
|
|
|
|
| 13 |
from app.core.logging_middleware import APILoggingMiddleware
|
| 14 |
from app.api.user_routes import router as user_router
|
| 15 |
from app.core.limiter import limiter
|
| 16 |
+
from app.middleware.security_headers import SecurityHeadersMiddleware
|
|
|
|
| 17 |
|
| 18 |
@asynccontextmanager
|
| 19 |
async def lifespan(app: FastAPI):
|
|
|
|
| 25 |
lifespan=lifespan
|
| 26 |
)
|
| 27 |
|
|
|
|
|
|
|
| 28 |
app.state.limiter = limiter
|
| 29 |
+
app.include_router(profile_router)
|
| 30 |
+
app.include_router(user_router)
|
| 31 |
+
app.include_router(auth_router)
|
| 32 |
+
app.include_router(file_router)
|
| 33 |
+
app.include_router(feedback_router)
|
| 34 |
+
app.include_router(admin_router)
|
| 35 |
+
app.include_router(metrics_router)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 36 |
app.add_middleware(APILoggingMiddleware)
|
| 37 |
+
app.include_router(profile_router)
|
| 38 |
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
|
| 39 |
+
app.add_middleware(SecurityHeadersMiddleware)
|
| 40 |
|
| 41 |
@app.get("/")
|
| 42 |
def home():
|
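Review bot: `app.include_router(profile_router)` is registered twice on the new side of the third hunk (new lines 29 and 37), so the profile routes are mounted a second time after the logging middleware line; drop the second copy and keep only the `app.include_router(profile_router)` in the block at new line 29. The same hunk also removes `add_global_exception_handlers(app)` (and hunk 2 its import) together with the `api_v1_router` aggregation, none of which the commit title "Added HTTP Security Headers" mentions — if the global exception handlers were deliberately dropped that deserves its own commit, since it changes how errors are reported to clients, and removing the v1 router presumably changes the public URL paths. Several removed lines in this rendering are blank or truncated (old lines 1, 17, 33–39, 47), so I can only partly see what was deleted. Adding `SecurityHeadersMiddleware` last via `add_middleware` makes it the outermost user middleware, which is the right place for a header-setting layer.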