dpnmw/agents
1
0
Fork 0
mirror of https://github.com/wshobson/agents.git synced 2026-03-18 17:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

🛡️ Sentinel: [Security Enhancement] Add security middleware to API template (#154)

Browse Source 
* feat: add security middleware to REST API template

Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production.

- Added TrustedHostMiddleware for Host header validation
- Added CORSMiddleware for Cross-Origin Resource Sharing
- Added TODOs for production configuration

* feat: add security middleware to REST API template

Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production.

- Added TrustedHostMiddleware for Host header validation
- Added CORSMiddleware for Cross-Origin Resource Sharing
- Configured safe defaults (allow_credentials=False) for the template
- Added TODOs for production configuration

* feat: secure API template and fix Pydantic deprecations

Enhances `rest-api-template.py` with standard security middleware and updates Pydantic usage to V2 standards.

- Added `TrustedHostMiddleware` and `CORSMiddleware` with safe defaults
- Updated Pydantic models to use `ConfigDict` and `model_dump()` to resolve deprecation warnings
- Documented security learnings in sentinel journal

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This commit is contained in:
google-labs-jules[bot]
2025-12-22 09:51:51 -05:00
committed by GitHub
parent a86384334b
commit 12f3ff4555
2 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.jules/sentinel.md Normal file
View File

@@ -0,0 +1,4 @@
## 2024-05-23 - Default Security Middleware in FastAPI Templates
**Vulnerability:** Missing default security headers and CORS configuration in API templates.
**Learning:** Developers often copy templates directly into production. If templates lack security headers by default, new services will be insecure.
**Prevention:** Always include `TrustedHostMiddleware` and `CORSMiddleware` in API templates with strict comments on how to configure them for production. Use safe defaults where possible, but permissive defaults with warnings (like `*`) are acceptable for templates if clearly marked with TODOs.