feat: add security headers middleware #76

Merged
pook merged 1 commit from feat/security-headers into main 2026-04-09 06:13:38 -04:00
Owner

Summary

  • Adds middleware setting 5 security headers (HSTS, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy) on every response
  • Registered before route handlers in the middleware chain
  • Includes unit tests verifying all headers on both 200 and 404 responses
  • No CORS logic included (separate task per #39)

Test plan

  • Unit tests pass: bun test packages/api/tests/unit/security-headers.test.ts (2 pass, 0 fail)
  • Manual verification: check response headers on any endpoint

Refs #39

🤖 Generated with Claude Code

feat: add security headers middleware
Some checks are pending
agent-worker/pr-tests Running PR tests...
8b813f8b0f
Set Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options,
X-XSS-Protection, and Referrer-Policy on every response. Applied before
route handlers. Includes unit tests verifying all 5 headers.

Refs #39

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
Owner

⚠️ No Test Suite Detected

Commit: 8b813f8b

No test script found in package.json. Add a test script to enable automated testing.

pook merged commit 518b2d46b7 into main 2026-04-09 06:13:34 -04:00
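
For the unchecked "Manual verification" item in the test plan above, here is one way to audit a captured response for the five headers the PR names. This is an added example, not code from this PR or the compliancebot repository. `auditSecurityHeaders`, `MIN_HSTS_MAX_AGE`, the accepted values and the sample response are assumptions, since the PR text does not state which values the middleware sets.

```typescript
// Added example: audits a response's headers for the five headers named in the PR.
// Accepted values and the HSTS floor are assumptions; the PR does not state them.
type HeaderMap = Record<string, string>;

const MIN_HSTS_MAX_AGE = 15552000; // assumed floor: 180 days, in seconds

const REFERRER_POLICIES = new Set<string>([
  "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin",
  "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url",
]);

// Each check returns a problem description, or null when the value is acceptable.
const CHECKS: Record<string, (v: string) => string | null> = {
  "strict-transport-security": (v) => {
    const m = /(?:^|;)\s*max-age="?(\d+)"?\s*(?:;|$)/i.exec(v);
    if (!m) return "no max-age directive";
    return Number(m[1]) >= MIN_HSTS_MAX_AGE ? null : `max-age ${m[1]} below floor`;
  },
  "x-content-type-options": (v) => (v.trim().toLowerCase() === "nosniff" ? null : "must be nosniff"),
  "x-frame-options": (v) =>
    ["deny", "sameorigin"].includes(v.trim().toLowerCase()) ? null : "must be DENY or SAMEORIGIN",
  "x-xss-protection": (v) => (/^[01]\s*(;|$)/.test(v.trim()) ? null : "unrecognised value"),
  "referrer-policy": (v) => {
    // The header may carry a comma-separated fallback list; every token must be valid.
    const tokens = v.split(",").map((t) => t.trim().toLowerCase()).filter((t) => t.length > 0);
    return tokens.length > 0 && tokens.every((t) => REFERRER_POLICIES.has(t)) ? null : "unknown policy token";
  },
};

// Returns one finding per missing or malformed header; an empty array means all five pass.
function auditSecurityHeaders(headers: HeaderMap): string[] {
  const lower: HeaderMap = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v; // names are case-insensitive
  const findings: string[] = [];
  for (const [name, check] of Object.entries(CHECKS)) {
    const value = lower[name];
    if (value === undefined) { findings.push(`${name}: missing`); continue; }
    const problem = check(value);
    if (problem !== null) findings.push(`${name}: ${problem}`);
  }
  return findings;
}

// Constructed sample: a 404 response that lost two headers and has a short HSTS lifetime.
const SAMPLE_404: HeaderMap = {
  "Strict-Transport-Security": "max-age=300",
  "X-Content-Type-Options": "nosniff",
  "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
};
```

Run it against headers captured from both a normal route and an unmatched route, since error paths are where response middleware is most often bypassed.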
Reference
pook/compliancebot!76