viktor/wrongmove
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add API anti-abuse hardening: disable docs in prod, origin validator, exception handler

Browse source 
- Disable OpenAPI docs/redoc/openapi.json when APP_ENV=production
- Strip uvicorn Server header with --no-server-header in Dockerfile and docker-compose.yml
- Add OriginValidatorMiddleware to reject state-changing requests from disallowed origins
- Add global exception handler to prevent stack trace leakage on unhandled errors
- Add tests for all new security features (OpenAPI, origin validation, exception handler, server header)
This commit is contained in:
Viktor Barzin 2026-02-08 20:06:46 +00:00
parent 162d9a886d
commit 1ace45353a
No known key found for this signature in database
GPG key ID: 0EB088298288D958
8 changed files with 252 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/unit/test_security_headers.py
View file

@ -54,3 +54,9 @@ class TestSecurityHeaders:
client = TestClient(_build_app())
resp = client.get("/test")
assert "Strict-Transport-Security" not in resp.headers
def test_server_header_not_present(self) -> None:
"""The Server header should not leak server software info."""
client = TestClient(_build_app())
resp = client.get("/test")
assert "Server" not in resp.headers or "uvicorn" not in resp.headers.get("Server", "").lower()