- Fixed MutableHeaders bug- Disable API docs in production- CORS diagnostic endpoint- Security headers + CORS middlewareMust have ENVIRONMENT=production and CORS_ORIGINS=... in .env file

2026-01-07 14:21:47 +07:00
parent a74f161efa
commit adbfa7a3c8
1 changed files with 3 additions and 2 deletions
--- a/server.py
+++ b/server.py
@@ -6340,8 +6340,9 @@ async def add_security_headers(request: Request, call_next):
    for header, value in security_headers.items():
        response.headers[header] = value

-    # Remove server identification headers
-    response.headers.pop("Server", None)
+    # Remove server identification headers (use del, not pop for MutableHeaders)
+    if "Server" in response.headers:
+        del response.headers["Server"]

    return response