From adbfa7a3c8966355c7a8e28c50c593ab7ba92dac Mon Sep 17 00:00:00 2001
From: Koncept Kit <63216427+konceptkit@users.noreply.github.com>
Date: Wed, 7 Jan 2026 14:21:47 +0700
Subject: [PATCH] - Fixed MutableHeaders bug- Disable API docs in production-
 CORS diagnostic endpoint- Security headers + CORS middlewareMust have
 ENVIRONMENT=production and CORS_ORIGINS=... in .env file

---
 server.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server.py b/server.py
index 561d540..298f7fc 100644
--- a/server.py
+++ b/server.py
@@ -6340,8 +6340,9 @@ async def add_security_headers(request: Request, call_next):
     for header, value in security_headers.items():
         response.headers[header] = value
 
-    # Remove server identification headers
-    response.headers.pop("Server", None)
+    # Remove server identification headers (use del, not pop for MutableHeaders)
+    if "Server" in response.headers:
+        del response.headers["Server"]
 
     return response