mirror of
https://github.com/wshobson/agents.git
synced 2026-03-18 17:47:16 +00:00
12f3ff4555
* feat: add security middleware to REST API template Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production. - Added TrustedHostMiddleware for Host header validation - Added CORSMiddleware for Cross-Origin Resource Sharing - Added TODOs for production configuration * feat: add security middleware to REST API template Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production. - Added TrustedHostMiddleware for Host header validation - Added CORSMiddleware for Cross-Origin Resource Sharing - Configured safe defaults (allow_credentials=False) for the template - Added TODOs for production configuration * feat: secure API template and fix Pydantic deprecations Enhances `rest-api-template.py` with standard security middleware and updates Pydantic usage to V2 standards. - Added `TrustedHostMiddleware` and `CORSMiddleware` with safe defaults - Updated Pydantic models to use `ConfigDict` and `model_dump()` to resolve deprecation warnings - Documented security learnings in sentinel journal --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
5 lines
605 B
Markdown
5 lines
605 B
Markdown
## 2024-05-23 - Default Security Middleware in FastAPI Templates
|
|
**Vulnerability:** Missing default security headers and CORS configuration in API templates.
|
|
**Learning:** Developers often copy templates directly into production. If templates lack security headers by default, new services will be insecure.
|
|
**Prevention:** Always include `TrustedHostMiddleware` and `CORSMiddleware` in API templates with strict comments on how to configure them for production. Use safe defaults where possible, but permissive defaults with warnings (like `*`) are acceptable for templates if clearly marked with TODOs.
|