This commit is contained in:
Iliyan Angelov
2025-12-01 06:50:10 +02:00
parent 91f51bc6fe
commit 62c1fe5951
4682 changed files with 544807 additions and 31208 deletions


@@ -10,7 +10,12 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
async def dispatch(self, request: Request, call_next):
response = await call_next(request)
security_headers = {'X-Content-Type-Options': 'nosniff', 'X-Frame-Options': 'DENY', 'X-XSS-Protection': '1; mode=block', 'Referrer-Policy': 'strict-origin-when-cross-origin', 'Permissions-Policy': 'geolocation=(), microphone=(), camera=()'}
security_headers.setdefault('Cross-Origin-Resource-Policy', 'cross-origin')
# Allow cross-origin resource sharing for uploads/images
# This is needed for images to load from different origins in development
if '/uploads/' in str(request.url):
security_headers.setdefault('Cross-Origin-Resource-Policy', 'cross-origin')
else:
security_headers.setdefault('Cross-Origin-Resource-Policy', 'same-origin')
if settings.is_production:
# Enhanced CSP with stricter directives
# Using 'strict-dynamic' for better security with nonce-based scripts
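Review bot: The `'/uploads/' in str(request.url)` test on the new branch matches that substring anywhere in the full URL, including the query string, so any endpoint requested with something like `?next=/uploads/` in its query would receive the relaxed `cross-origin` Resource-Policy instead of `same-origin`; match on the path component instead, `if request.url.path.startswith('/uploads/'):`. The comment above it says the relaxation is needed for development, but the branch is not gated on `settings.is_production` or any environment flag, so either gate it or reword the comment to say it applies in every environment. Since the literal dict never contains `Cross-Origin-Resource-Policy`, the `setdefault` calls in both branches always set the key, and a plain assignment would state that intent more directly. The `dispatch` body continues outside the hunk, so where these headers are applied to the response is not visible here.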