BanGUI

Files

Lukas 400ab1a3f1 Add security headers middleware and documentation

- Add SecurityHeadersMiddleware to backend/app/main.py
  - Implements Content-Security-Policy: default-src 'self'
  - Implements X-Frame-Options: DENY (clickjacking protection)
  - Implements X-Content-Type-Options: nosniff (MIME-sniffing protection)
  - Implements X-XSS-Protection: 1; mode=block (browser XSS filters)
- Add CSP meta tag to frontend/index.html for defense-in-depth
- Create Docs/Security.md with comprehensive security headers documentation
- Add test suite (backend/tests/test_security_headers_middleware.py) with 5 tests
  - Tests verify headers are present on success and error responses
  - Tests ensure all four security headers are correctly set
- All existing tests continue to pass

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-04-30 21:33:08 +02:00

Architekture.md

Update documentation and ErrorBoundary component

2026-04-30 20:43:41 +02:00

Backend-Development.md

Implement global rate limiter and refactor auth middleware

2026-04-30 21:26:31 +02:00

Deployment.md

Add resource limits to all Docker containers

2026-04-30 21:03:56 +02:00

Features.md

Fix issue #31 : Make schedule reschedule deterministic and observable