Spaces:
Sleeping
Sleeping
| from __future__ import annotations | |
| from fastapi import FastAPI | |
| from starlette.middleware.base import BaseHTTPMiddleware | |
| from starlette.requests import Request | |
| from starlette.responses import Response | |
| class SecurityHeadersMiddleware(BaseHTTPMiddleware): | |
| async def dispatch(self, request: Request, call_next): | |
| response: Response = await call_next(request) | |
| response.headers["X-Content-Type-Options"] = "nosniff" | |
| response.headers["X-Frame-Options"] = "DENY" | |
| response.headers["X-XSS-Protection"] = "1; mode=block" | |
| response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin" | |
| response.headers["Content-Security-Policy"] = ( | |
| "default-src 'self'; " | |
| "script-src 'self'; " | |
| "style-src 'self' 'unsafe-inline'; " | |
| "img-src 'self' data: https:; " | |
| "font-src 'self'; " | |
| "connect-src 'self' https:; " | |
| "frame-ancestors 'none'; " | |
| ) | |
| return response | |
| def setup_security_headers(app: FastAPI) -> None: | |
| app.add_middleware(SecurityHeadersMiddleware) | |