mirror of
https://github.com/wshobson/agents.git
synced 2026-03-18 17:47:16 +00:00
* feat: add security middleware to REST API template

  Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production.

  - Added TrustedHostMiddleware for Host header validation
  - Added CORSMiddleware for Cross-Origin Resource Sharing
  - Added TODOs for production configuration

* feat: add security middleware to REST API template

  Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production.

  - Added TrustedHostMiddleware for Host header validation
  - Added CORSMiddleware for Cross-Origin Resource Sharing
  - Configured safe defaults (allow_credentials=False) for the template
  - Added TODOs for production configuration

* feat: secure API template and fix Pydantic deprecations

  Enhances `rest-api-template.py` with standard security middleware and updates Pydantic usage to V2 standards.

  - Added `TrustedHostMiddleware` and `CORSMiddleware` with safe defaults
  - Updated Pydantic models to use `ConfigDict` and `model_dump()` to resolve deprecation warnings
  - Documented security learnings in sentinel journal

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
605 B
2024-05-23 - Default Security Middleware in FastAPI Templates
Vulnerability: Missing default security headers and CORS configuration in API templates.
Learning: Developers often copy templates directly into production. If a template lacks security middleware by default, every new service built from it starts out insecure.
Prevention: Always include TrustedHostMiddleware and CORSMiddleware in API templates, with explicit comments on how to configure them for production. Use safe defaults where possible (for example allow_credentials=False); a permissive default such as `*` is acceptable in a template only if it is clearly marked with a TODO and a warning.
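As an added illustration (not the repository's own rest-api-template.py), the two middlewares wired up with the safe defaults the entry describes, plus a small audit helper that flags the permissive settings a template must not carry into production. The hostnames and origins are constructed placeholders; the audit rules encode Starlette's behaviour for allowed_hosts=["*"] and for allow_origins=["*"] combined with allow_credentials=True.

```python
from __future__ import annotations

# Safe template defaults. Values are constructed placeholders; the TODOs are
# the production-configuration reminders the journal entry calls for.
TRUSTED_HOST_SETTINGS = {
    "allowed_hosts": ["localhost", "127.0.0.1"],  # TODO prod: real hostnames
}
CORS_SETTINGS = {
    "allow_origins": ["https://app.example.com"],  # TODO prod: real front-ends
    "allow_credentials": False,  # safe default: no cookies/auth cross-origin
    "allow_methods": ["GET", "POST"],
    "allow_headers": ["Authorization", "Content-Type"],
}


def audit_trusted_hosts(settings: dict) -> list[str]:
    """Findings for a TrustedHostMiddleware kwargs dict."""
    # Starlette's own default when allowed_hosts is omitted is ["*"].
    hosts = settings.get("allowed_hosts") or ["*"]
    findings = []
    if "*" in hosts:
        findings.append("allowed_hosts contains '*': Host header validation is disabled")
    return findings


def audit_cors(settings: dict) -> list[str]:
    """Findings for a CORSMiddleware kwargs dict."""
    findings = []
    origins = settings.get("allow_origins", [])
    credentials = settings.get("allow_credentials", False)
    if "*" in origins and credentials:
        # Starlette reflects the request Origin for this combination, so any
        # site can issue credentialed requests and read the responses.
        findings.append("allow_origins '*' with allow_credentials=True reflects any origin")
    elif "*" in origins:
        findings.append("allow_origins contains '*': TODO restrict before production")
    return findings


def create_app():
    """Build the template app. FastAPI is imported here so the audit helpers
    above can also run in a plain unit test or CI check without the framework."""
    from fastapi import FastAPI
    from fastapi.middleware.cors import CORSMiddleware
    from fastapi.middleware.trustedhost import TrustedHostMiddleware

    for name, settings, audit in (("TrustedHostMiddleware", TRUSTED_HOST_SETTINGS, audit_trusted_hosts),
                                  ("CORSMiddleware", CORS_SETTINGS, audit_cors)):
        for finding in audit(settings):
            print(f"WARNING [{name}]: {finding}")  # visible reminder when copied as-is

    app = FastAPI(title="REST API template")
    app.add_middleware(TrustedHostMiddleware, **TRUSTED_HOST_SETTINGS)
    app.add_middleware(CORSMiddleware, **CORS_SETTINGS)
    return app
```

Running the audit helpers against the settings dicts in the template's own test suite keeps a later "temporary" `*` from reaching production unnoticed.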