"""Production security response headers."""
from __future__ import annotations
import os
from starlette.middleware.base import BaseHTTPMiddleware
from starlette.requests import Request
from starlette.responses import Response
class SecurityHeadersMiddleware(BaseHTTPMiddleware):
    """Attach hardening response headers to every response.

    Every header is applied with ``setdefault``, so a value already set by a
    route or a later middleware is kept. HSTS is emitted only when the request
    URL scheme is ``https``; the Content-Security-Policy is emitted only when
    the ``CEPHEUS_PRODUCTION`` environment variable is ``"1"`` (the variable
    is read on every request, not cached at start-up).
    """

    # Headers added to every response unless the response already carries them.
    _ALWAYS: tuple[tuple[str, str], ...] = (
        ("X-Content-Type-Options", "nosniff"),
        ("X-Frame-Options", "DENY"),
        ("Referrer-Policy", "strict-origin-when-cross-origin"),
        ("Permissions-Policy", "geolocation=(), microphone=(), camera=()"),
    )

    async def dispatch(self, request: Request, call_next) -> Response:
        """Run the downstream handler, then add the headers it did not set.

        Args:
            request: Incoming request; only ``request.url.scheme`` is consulted.
            call_next: Downstream handler supplied by Starlette.

        Returns:
            The downstream response with the security headers applied.
        """
        response = await call_next(request)
        headers = response.headers

        for name, value in self._ALWAYS:
            headers.setdefault(name, value)

        # NOTE(review): the scheme is whatever the ASGI server reports. Behind a
        # TLS-terminating proxy it can be "http" unless the server is configured
        # to trust forwarded headers, in which case HSTS is never sent — confirm
        # for the actual deployment.
        if request.url.scheme == "https":
            headers.setdefault(
                "Strict-Transport-Security", "max-age=31536000; includeSubDomains"
            )

        # default-src 'none' blocks every resource load, which suits a JSON API
        # rather than HTML pages; frame-ancestors 'none' is the CSP counterpart
        # of X-Frame-Options: DENY.
        in_production = os.getenv("CEPHEUS_PRODUCTION", "").strip() == "1"
        if in_production:
            headers.setdefault(
                "Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'"
            )

        return response