✅ Task 1: Security middleware tests (95% coverage)

- Created 48 comprehensive tests for security middleware - Coverage: security.py 97%, auth.py 92%, total 95% - Tests for SecurityHeadersMiddleware, CSP, RequestSanitization - Tests for rate limiting (IP-based, origin-based, cleanup) - Fixed MutableHeaders.pop() bug in security.py - All tests passing, exceeds 90% target
2026-01-26 17:22:55 +01:00
parent fb8f0bdbd2
commit 7c1242a122
7 changed files with 1461 additions and 1354 deletions
--- a/src/server/middleware/security.py
+++ b/src/server/middleware/security.py
@@ -97,8 +97,15 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
            response.headers["Permissions-Policy"] = self.permissions_policy

        # Remove potentially revealing headers
-        response.headers.pop("Server", None)
-        response.headers.pop("X-Powered-By", None)
+        # MutableHeaders doesn't have pop(), use del with try/except
+        try:
+            del response.headers["Server"]
+        except KeyError:
+            pass
+        try:
+            del response.headers["X-Powered-By"]
+        except KeyError:
+            pass

        return response