yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add Redis healthcheck and security response headers

Browse Source 
- Add healthcheck to Redis service in compose.yml and upgrade
  depends_on from service_started to service_healthy so backend
  and webhook-worker wait for Redis readiness.
- Add HTTP security headers middleware (X-Content-Type-Options,
  X-Frame-Options, Referrer-Policy, Permissions-Policy) to the
  FastAPI backend.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Simone
2026-02-22 22:20:53 +01:00
parent b8494667cf
commit 93161d3800
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
backend/app/main.py
View File

@@ -5,7 +5,7 @@ from __future__ import annotations
from contextlib import asynccontextmanager from contextlib import asynccontextmanager
from typing import TYPE_CHECKING, Any from typing import TYPE_CHECKING, Any
from fastapi import APIRouter, FastAPI, status from fastapi import APIRouter, FastAPI, Request, Response, status
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from fastapi.openapi.utils import get_openapi from fastapi.openapi.utils import get_openapi
from fastapi_pagination import add_pagination from fastapi_pagination import add_pagination
@@ -467,6 +467,17 @@ else:
install_error_handling(app) install_error_handling(app)
@app.middleware("http")
async def security_headers(request: Request, call_next: Any) -> Response:
"""Inject standard security headers into every response."""
response: Response = await call_next(request)
response.headers.setdefault("X-Content-Type-Options", "nosniff")
response.headers.setdefault("X-Frame-Options", "DENY")
response.headers.setdefault("Referrer-Policy", "strict-origin-when-cross-origin")
response.headers.setdefault("Permissions-Policy", "camera=(), microphone=(), geolocation=()")
return response
@app.get( @app.get(
"/health", "/health",
tags=["health"], tags=["health"],

9
compose.yml
View File

@@ -21,6 +21,11 @@ services:
image: redis:7-alpine image: redis:7-alpine
ports: ports:
- "${REDIS_PORT:-6379}:6379" - "${REDIS_PORT:-6379}:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
retries: 5
backend: backend:
build: build:
@@ -42,7 +47,7 @@ services:
db: db:
condition: service_healthy condition: service_healthy
redis: redis:
condition: service_started condition: service_healthy
ports: ports:
- "${BACKEND_PORT:-8000}:8000" - "${BACKEND_PORT:-8000}:8000"
@@ -75,7 +80,7 @@ services:
- ./backend/.env.example - ./backend/.env.example
depends_on: depends_on:
redis: redis:
condition: service_started condition: service_healthy
db: db:
condition: service_healthy condition: service_healthy
environment: environment: