From b1989d487a32df042e9e266500cb602d8ca28680 Mon Sep 17 00:00:00 2001
From: Berry den Hartog <38954346+berrydenhartog@users.noreply.github.com>
Date: Thu, 8 Aug 2024 09:50:55 +0000
Subject: [PATCH] Add security Middleware
---
 amt/middleware/security.py | 16 ++++++++++++++++
 amt/server.py | 2 ++
 2 files changed, 18 insertions(+)
 create mode 100644 amt/middleware/security.py
diff --git a/amt/middleware/security.py b/amt/middleware/security.py
new file mode 100644
index 00000000..57ab187a
--- /dev/null
+++ b/amt/middleware/security.py
@@ -0,0 +1,16 @@
+import typing
+
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+from starlette.responses import Response
+
+RequestResponseEndpoint = typing.Callable[[Request], typing.Awaitable[Response]]
+
+
+class SecurityMiddleware(BaseHTTPMiddleware):
+ async def dispatch(self, request: Request, call_next: RequestResponseEndpoint) -> Response:
+ response = await call_next(request)
+
+ response.headers["Strict-Transport-Security"] = "Strict-Transport-Security: max-age=31536000; includeSubDomains"
+
+ return response
diff --git a/amt/server.py b/amt/server.py
index 04e8a2b0..e8c0c3bc 100644
--- a/amt/server.py
+++ b/amt/server.py
@@ -23,6 +23,7 @@
 from .middleware.csrf import CSRFMiddleware, CSRFMiddlewareExceptionHandler
 from .middleware.htmx import HTMXMiddleware
 from .middleware.route_logging import RequestLoggingMiddleware
+from .middleware.security import SecurityMiddleware
 configure_logging(get_settings().LOGGING_LEVEL, get_settings().LOGGING_CONFIG)
@@ -57,6 +58,7 @@ def create_app() -> FastAPI:
 app.add_middleware(CSRFMiddleware)
 app.add_middleware(CSRFMiddlewareExceptionHandler)
 app.add_middleware(HTMXMiddleware)
+ app.add_middleware(SecurityMiddleware)
 app.mount("/static", static_files, name="static")
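Review bot: The value assigned in `dispatch` repeats the header name, so the response carries `Strict-Transport-Security: Strict-Transport-Security: max-age=31536000; includeSubDomains`. That value does not match the HSTS directive grammar (a directive name cannot contain `:` or a space), and RFC 6797 tells user agents to ignore a non-conforming header, so browsers will most likely not apply the policy at all. The assignment should be `response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"`. The diffstat shows no test file; an assertion on the exact header value of a response would have caught this. The class also has no docstring; a one-line `"""Add security-related response headers to every response."""` would say what it is for.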
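Review bot: The position of `app.add_middleware(SecurityMiddleware)` in `create_app` matters but is undocumented. Starlette places the most recently added middleware outermost, so adding it after `HTMXMiddleware` means it wraps the CSRF and HTMX middleware and also sets its header on responses they produce themselves. A comment such as `# Added last so it is outermost and sets security headers on responses from the middleware above.` would stop a later reorder from silently narrowing that coverage. `create_app` starts and ends outside the hunk, so any middleware registered elsewhere in it is not visible here.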