feat: LLM response validation with defaults, security headers middleware, cleaner stats endpoint

2026-05-11 20:11:47 +03:00
parent 2d9ab9f436
commit fe384aed17
3 changed files with 35 additions and 5 deletions
--- a/guarddog_nexus/main.py
+++ b/guarddog_nexus/main.py
@@ -85,6 +85,17 @@ class RequestLoggingMiddleware(BaseHTTPMiddleware):
        return response


+class SecurityHeadersMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        response = await call_next(request)
+        response.headers["X-Content-Type-Options"] = "nosniff"
+        response.headers["X-Frame-Options"] = "DENY"
+        response.headers["X-XSS-Protection"] = "1; mode=block"
+        response.headers["Referrer-Policy"] = "no-referrer"
+        response.headers["Permissions-Policy"] = "geolocation=(), microphone=()"
+        return response
+
+
 app = FastAPI(
    title=APP_NAME,
    version=APP_VERSION,
@@ -92,6 +103,7 @@ app = FastAPI(
    lifespan=lifespan,
 )
 app.add_middleware(LangMiddleware)
+app.add_middleware(SecurityHeadersMiddleware)
 app.add_middleware(RequestLoggingMiddleware)