Agently / app /api /middleware /security.py
CI Deploy
Deploy 2026-07-03 10:22 UTC
60072ac
Raw
History Blame Contribute Delete
1.1 kB
from __future__ import annotations
from fastapi import FastAPI
from starlette.middleware.base import BaseHTTPMiddleware
from starlette.requests import Request
from starlette.responses import Response
class SecurityHeadersMiddleware(BaseHTTPMiddleware):
async def dispatch(self, request: Request, call_next):
response: Response = await call_next(request)
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["X-Frame-Options"] = "DENY"
response.headers["X-XSS-Protection"] = "1; mode=block"
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
response.headers["Content-Security-Policy"] = (
"default-src 'self'; "
"script-src 'self'; "
"style-src 'self' 'unsafe-inline'; "
"img-src 'self' data: https:; "
"font-src 'self'; "
"connect-src 'self' https:; "
"frame-ancestors 'none'; "
)
return response
def setup_security_headers(app: FastAPI) -> None:
app.add_middleware(SecurityHeadersMiddleware)