porchlight/src
Johan Lundberg 519e3659a1
feat(security): add baseline security-header middleware
No security headers were set. Add SecurityHeadersMiddleware applying
Content-Security-Policy (configurable), X-Content-Type-Options: nosniff,
X-Frame-Options: DENY, Referrer-Policy, and Strict-Transport-Security on
HTTPS deployments. Verified HTMX/WebAuthn/forms still work under the CSP.

Refs: porchlight-1ph

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-10 08:53:49 +02:00
porchlight feat(security): add baseline security-header middleware 2026-06-10 08:53:49 +02:00