fix: add Redis healthcheck and security response headers

- Add healthcheck to Redis service in compose.yml and upgrade depends_on from service_started to service_healthy so backend and webhook-worker wait for Redis readiness. - Add HTTP security headers middleware (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy) to the FastAPI backend. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 22:20:53 +01:00
parent b8494667cf
commit 93161d3800
2 changed files with 19 additions and 3 deletions
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -5,7 +5,7 @@ from __future__ import annotations
 from contextlib import asynccontextmanager
 from typing import TYPE_CHECKING, Any

-from fastapi import APIRouter, FastAPI, status
+from fastapi import APIRouter, FastAPI, Request, Response, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.openapi.utils import get_openapi
 from fastapi_pagination import add_pagination
@@ -467,6 +467,17 @@ else:
 install_error_handling(app)


+@app.middleware("http")
+async def security_headers(request: Request, call_next: Any) -> Response:
+    """Inject standard security headers into every response."""
+    response: Response = await call_next(request)
+    response.headers.setdefault("X-Content-Type-Options", "nosniff")
+    response.headers.setdefault("X-Frame-Options", "DENY")
+    response.headers.setdefault("Referrer-Policy", "strict-origin-when-cross-origin")
+    response.headers.setdefault("Permissions-Policy", "camera=(), microphone=(), geolocation=()")
+    return response
+
+
@app.get(
    "/health",
    tags=["health"],