Implement security headers middleware

Adds X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and X-XSS-Protection headers to all responses.
2026-01-08 10:02:17 -08:00
parent 5de7a26735
commit 2e349a8b83
2 changed files with 14 additions and 1 deletions
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -17,6 +17,7 @@ func (s *Server) SetupRoutes() {

 	s.router.Use(middleware.Recoverer)
 	s.router.Use(middleware.RequestID)
+	s.router.Use(s.mw.SecurityHeaders())
 	s.router.Use(s.mw.Logging())

 	// Add metrics middleware only if credentials are configured