consultoria-as/stl-repo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4232d6625994df68358233a9662e1a0512c82952
stl-repo/app/main.py
Consultoria AS 4232d66259 security: CORS + headers de seguridad para 3d.consultoria-as.com 
- CORSMiddleware con dominio de produccion y localhost
- SecurityHeadersMiddleware: X-Frame-Options, CSP, nosniff, referrer-policy
- Titulo de app actualizado a PrintForge v2.2.0
2026-04-28 04:47:24 +00:00

73 lines
2.3 KiB
Python
Raw Blame History

from fastapi import FastAPI
from fastapi.staticfiles import StaticFiles
from fastapi.responses import FileResponse
from fastapi.middleware.cors import CORSMiddleware
from starlette.middleware.base import BaseHTTPMiddleware
from app.database import engine, Base
from app.routers import models
from app.migrate import run_migrations
import os
# Create tables and run migrations
Base.metadata.create_all(bind=engine)
run_migrations()
app = FastAPI(title="PrintForge", version="2.2.0")
# CORS — allow production domain and local development
app.add_middleware(
CORSMiddleware,
allow_origins=[
"https://3d.consultoria-as.com",
"http://localhost:8000",
"http://127.0.0.1:8000",
],
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
# Security headers middleware
class SecurityHeadersMiddleware(BaseHTTPMiddleware):
async def dispatch(self, request, call_next):
response = await call_next(request)
response.headers["X-Frame-Options"] = "SAMEORIGIN"
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
response.headers["Content-Security-Policy"] = (
"default-src 'self'; "
"script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; "
"style-src 'self' 'unsafe-inline'; "
"img-src 'self' data: blob:; "
"font-src 'self'; "
"connect-src 'self';"
)
return response
app.add_middleware(SecurityHeadersMiddleware)
app.include_router(models.router)
# Serve static files
app.mount("/static", StaticFiles(directory="static"), name="static")
# Serve uploads, thumbnails and images directly
app.mount("/uploads", StaticFiles(directory="uploads"), name="uploads")
app.mount("/thumbnails", StaticFiles(directory="thumbnails"), name="thumbnails")
app.mount("/images", StaticFiles(directory="images"), name="images")
@app.get("/")
def root():
return FileResponse("static/index.html")
@app.get("/upload")
def upload_page():
return FileResponse("static/upload.html")
@app.get("/model/{model_id}")
def detail_page(model_id: int):
return FileResponse("static/detail.html")
Reference in New Issue View Git Blame Copy Permalink