from fastapi import Request, Response, status
from fastapi.responses import JSONResponse
from starlette.middleware.base import BaseHTTPMiddleware
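class SecurityHeadersMiddleware(BaseHTTPMiddleware):
    """Attach a fixed set of security-related headers to every response.

    The headers are written after the downstream handler has produced its
    response, so any value the handler set for the same header name is
    overwritten.
    """

    async def dispatch(self, request, call_next):
        """Run the rest of the stack, then stamp the security headers.

        Args:
            request: The incoming request, passed through unchanged.
            call_next: Callable that invokes the next middleware/handler and
                returns its response.

        Returns:
            The downstream response with the four headers below set.
        """
        response = await call_next(request)

        # Forbid rendering this response inside any frame (clickjacking defence).
        response.headers['X-Frame-Options'] = 'DENY'

        # Tell browsers to trust the declared Content-Type and not MIME-sniff.
        response.headers['X-Content-Type-Options'] = 'nosniff'

        # HSTS directives must be separated by ';' (RFC 6797). The previous
        # value 'max-age=31536000 includeSubDomains' had no separator, so the
        # header was malformed and a browser may discard it or ignore
        # includeSubDomains, leaving the site without HSTS protection.
        response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'

        # Keep responses out of shared caches (proxies, CDNs).
        # NOTE(review): this assignment replaces whatever Cache-Control the
        # handler chose, including stricter values such as 'no-store' on
        # sensitive endpoints, and 'private' still permits browser caching.
        # Confirm that overriding handler-set values is intended.
        response.headers['Cache-Control'] = 'private'

        return response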