Skip to content

feat(security): make security headers configurable#224

Open
ayeshafaeza-2427 wants to merge 1 commit into
nensii21:mainfrom
ayeshafaeza-2427:security-issue-105
Open

feat(security): make security headers configurable#224
ayeshafaeza-2427 wants to merge 1 commit into
nensii21:mainfrom
ayeshafaeza-2427:security-issue-105

Conversation

@ayeshafaeza-2427

Copy link
Copy Markdown

Description

This PR improves the configurability of backend security headers while preserving the existing default behavior.

Changes

  • Made X-Content-Type-Options configurable using ENABLE_X_CONTENT_TYPE_OPTIONS.
  • Made X-Frame-Options configurable using ENABLE_X_FRAME_OPTIONS.
  • Added configurable support for X-Permitted-Cross-Domain-Policies.
  • Added configurable support for X-DNS-Prefetch-Control.
  • Added documentation for configurable security header settings in the backend README.

Why

The project already includes core security mechanisms such as CSP, HSTS, CORS, and rate limiting. This PR enhances flexibility by allowing additional security headers to be enabled or disabled through configuration without changing the default behavior.

Closes #105

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉 Thank you for your first Pull Request to DevLink!

We appreciate your contribution to our open-source community.

Before your PR is reviewed, please ensure:

  • ✅ The project builds successfully.
  • ✅ Your code follows the project's coding standards.
  • ✅ You have tested your changes.
  • ✅ Related documentation has been updated if necessary.

Our maintainers will review your PR as soon as possible.

Thank you for helping improve DevLink! 💙

@nensii21

Copy link
Copy Markdown
Owner

CI job is failing.

@ayeshafaeza-2427

Copy link
Copy Markdown
Author

Hi! @nensii21 I checked the failing Backend CI job. The formatter (black --check) is reporting formatting issues in files such as backend/app/core/celery_app.py and several notification-related files, which are not part of this PR. The changes in this PR are limited to:

backend/app/core/config.py
backend/app/middleware/security_headers.py
backend/README.md

Could you please confirm whether the CI is picking up formatting issues from the base branch? I'm happy to make any changes needed if there's something specific in my PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security Headers

2 participants