Compare commits

..

1 Commits

Author SHA1 Message Date
ruinivist 462b754d95 🛡️ Sentinel: [MEDIUM] Add HTTP security headers via Caddy 2026-06-07 07:41:18 +00:00
2 changed files with 11 additions and 0 deletions
+5
View File
@@ -0,0 +1,5 @@
## 2025-06-07 - [Added Security Headers via Caddy]
**Vulnerability:** Missing HTTP security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy).
**Learning:** The application does not apply security headers in the Bun application server but instead relies on the Caddy reverse proxy to inject them in the `Caddyfile`.
**Prevention:** Always configure security headers at the reverse proxy level (`Caddyfile`) instead of within the backend API routing code to ensure all routes, including static files, are properly protected.
+6
View File
@@ -6,6 +6,12 @@
:80 {
encode zstd gzip
header {
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin"
}
handle /mcp {
reverse_proxy 127.0.0.1:3001
}