m/sfera
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden HTML5 response headers
CI / python (push) Has been cancelled
Details
CI / rust (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Mikhail
2026-05-17 12:19:40 +03:00
parent c90d708f21
commit dd80ea2f9d
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/api-server/src/api_server/main.py
+4 -1
View File
@@ -135,12 +135,14 @@ from ui_semantics import form_semantics
app = FastAPI(title="SFERA API", version="0.1.0")
_HTML5_ASSETS_DIR = Path(__file__).resolve().parent / "static" / "html5"
_HTML5_SECURITY_HEADERS = {"X-Content-Type-Options": "nosniff"}
class Html5StaticFiles(StaticFiles):
def file_response(self, *args, **kwargs):
response = super().file_response(*args, **kwargs)
response.headers.setdefault("Cache-Control", "public, max-age=86400")
response.headers.setdefault("X-Content-Type-Options", "nosniff")
return response
@@ -8438,6 +8440,7 @@ def _html5_sse_headers() -> dict[str, str]:
"Cache-Control": "no-cache, no-transform",
"Connection": "keep-alive",
"X-Accel-Buffering": "no",
**_HTML5_SECURITY_HEADERS,
}
@@ -8445,7 +8448,7 @@ def _html5_response(fragment: str) -> Response:
return Response(
fragment,
media_type="text/html; charset=utf-8",
headers={"Cache-Control": "no-cache, no-transform"},
headers={"Cache-Control": "no-cache, no-transform", **_HTML5_SECURITY_HEADERS},
)