Enhance security headers middleware with configurable CSP modes

- Introduced `CSP_MODE` setting with `strict`, `relaxed`, and `disabled` options for flexible content security policies.
- Updated middleware to apply varying CSP rules based on mode and request context (e.g., API docs).
- Improved security and frontend compatibility with detailed policy definitions for external resources.
- Defaulted `CSP_MODE` to `relaxed`, ensuring balanced security and usability in modern applications.
This commit is contained in:
Felipe Cardoso
2025-10-31 12:50:34 +01:00
parent 2d909774df
commit 80c26c3df2
2 changed files with 81 additions and 2 deletions
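The commit message describes three CSP modes (`strict`, `relaxed`, `disabled`) and a per-request relaxation for API docs, but the middleware file is not shown in this view. The following is an added example written to illustrate that scheme; it is not the project's own middleware. The directive sets, the external hosts, and the docs path prefixes (`/docs`, `/redoc`, `/openapi.json`) are assumptions chosen for illustration, and the mode is validated explicitly so a misspelled `CSP_MODE` fails loudly instead of silently picking a branch.

```python
"""Added example: a mode-driven Content-Security-Policy builder.

Not the project's own middleware. It illustrates the strict / relaxed /
disabled scheme plus a per-request relaxation for API docs. Directive
values, external hosts and docs prefixes below are assumptions.
"""
from typing import Dict, List, Literal, Optional

CspMode = Literal["strict", "relaxed", "disabled"]
VALID_MODES = ("strict", "relaxed", "disabled")

# Assumed docs routes that ship inline scripts and CDN assets (e.g. Swagger UI).
DOCS_PREFIXES = ("/docs", "/redoc", "/openapi.json")

# Strict: same-origin only, no inline script, no plugins, no framing.
STRICT_DIRECTIVES: Dict[str, List[str]] = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "style-src": ["'self'"],
    "img-src": ["'self'", "data:"],
    "connect-src": ["'self'"],
    "object-src": ["'none'"],
    "base-uri": ["'self'"],
    "frame-ancestors": ["'none'"],
}

# Relaxed: allow listed external hosts and inline styles, but still no
# inline scripts. Hosts are assumed placeholders.
RELAXED_EXTRA: Dict[str, List[str]] = {
    "script-src": ["https://cdn.example.com"],
    "style-src": ["'unsafe-inline'", "https://fonts.googleapis.com"],
    "font-src": ["https://fonts.gstatic.com"],
    "img-src": ["https:"],
    "connect-src": ["https://api.example.com"],
}

# Docs pages only: the generated UI needs inline scripts and a CDN (assumed).
DOCS_EXTRA: Dict[str, List[str]] = {
    "script-src": ["'unsafe-inline'", "https://cdn.jsdelivr.net"],
    "style-src": ["'unsafe-inline'", "https://cdn.jsdelivr.net"],
    "img-src": ["https:"],
}


def validate_mode(mode: str) -> CspMode:
    """Reject anything outside the three documented values."""
    if mode not in VALID_MODES:
        raise ValueError(f"CSP_MODE must be one of {VALID_MODES}, got {mode!r}")
    return mode  # type: ignore[return-value]


def _is_docs_path(path: str) -> bool:
    # Match the prefix exactly or on a path-segment boundary, so that
    # "/docsearch" does not inherit the docs relaxation.
    return any(path == p or path.startswith(p + "/") for p in DOCS_PREFIXES)


def _merge(base: Dict[str, List[str]], *extras: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return a copy of base with each extra's sources appended (deduplicated)."""
    out = {k: list(v) for k, v in base.items()}
    for extra in extras:
        for directive, sources in extra.items():
            current = out.setdefault(directive, [])
            for src in sources:
                if src not in current:
                    current.append(src)
    return out


def build_csp(mode: str, path: str) -> Optional[str]:
    """Return the CSP header value for this mode and request path, or None when disabled."""
    mode = validate_mode(mode)
    if mode == "disabled":
        return None
    directives = STRICT_DIRECTIVES
    if mode == "relaxed":
        directives = _merge(directives, RELAXED_EXTRA)
    if _is_docs_path(path):
        directives = _merge(directives, DOCS_EXTRA)
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())


def apply_security_headers(headers: Dict[str, str], mode: str, path: str) -> Dict[str, str]:
    """What a response middleware would do: set the header unless CSP is disabled."""
    csp = build_csp(mode, path)
    if csp is not None:
        headers["Content-Security-Policy"] = csp
    return headers
```

Because `build_csp` takes the mode and the request path, the same function serves every route; the docs exemption is scoped to the docs prefixes rather than loosening `script-src` for the whole application. Declaring the settings field itself as `Literal["strict", "relaxed", "disabled"]` would let pydantic perform the `validate_mode` check at startup.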


@@ -15,6 +15,15 @@ class Settings(BaseSettings):
description="Environment: development, staging, or production"
)
# Security: Content Security Policy
# Set to False to disable CSP entirely (not recommended)
# Set to True for strict CSP (blocks most external resources)
# Set to "relaxed" for modern frontend development
CSP_MODE: str = Field(
default="relaxed",
description="CSP mode: 'strict', 'relaxed', or 'disabled'"
)
# Database configuration
POSTGRES_USER: str = "postgres"
POSTGRES_PASSWORD: str = "postgres"
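Review bot: the comment block above `CSP_MODE` documents a different type than the field declares: `# Set to False to disable CSP entirely` and `# Set to True for strict CSP` describe a boolean, while the field is `CSP_MODE: str` whose accepted values are 'strict', 'relaxed' and 'disabled'; rewrite the three comment lines to name those string values. Nothing constrains the string either, so a misspelled environment value such as `CSP_MODE=strikt` is accepted by `Settings` and falls through to whichever branch the middleware takes for unknown values; declaring the field as `Literal["strict", "relaxed", "disabled"]` makes pydantic reject it at startup. Finally, `default="relaxed"` applies to production as well; consider deriving the default from the `ENVIRONMENT` setting visible in the preceding context (strict in production, relaxed elsewhere), or at minimum say in the description that production deployments are expected to set 'strict'.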