012-kaopeilian/backend/app/schemas/user.py
yuliang_guo 79b55cfd12
All checks were successful
continuous-integration/drone/push Build is passing
fix: fix privilege-escalation vulnerability and add security headers
Security fixes:
- Create a UserSelfUpdate schema that forbids users from modifying their own role and is_active
- The /users/me endpoint now uses UserSelfUpdate instead of UserUpdate

Security hardening:
- Add SecurityHeadersMiddleware
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- X-XSS-Protection: 1; mode=block
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy: disable sensitive features
- Cache-Control: do not cache API responses
2026-01-31 10:57:41 +08:00

4.2 KiB
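The two changes described in the commit message, the self-service update schema that cannot touch privileged fields and the response middleware that adds the listed headers, as an added example. This is not the repository's code: the commit names only `role` and `is_active` as the fields a user must not set on their own account, so the self-updatable field names, the concrete `Permissions-Policy` directive list and the `Cache-Control` value are assumptions, and the middleware is written against the plain ASGI interface with no FastAPI or Starlette dependency so it runs stand-alone.

```python
import asyncio
from typing import Any, Awaitable, Callable

# Fields an account owner may change on /users/me (assumed names; the commit
# only says which fields are forbidden, not which are allowed).
SELF_UPDATABLE = frozenset({"email", "full_name", "password"})
# Fields the commit reserves for the admin-only UserUpdate schema.
PRIVILEGED = frozenset({"role", "is_active"})


class SchemaValidationError(ValueError):
    """Raised when a payload contains fields the schema does not accept."""


def validate_self_update(payload: dict[str, Any]) -> dict[str, Any]:
    """UserSelfUpdate equivalent: reject privileged and unknown fields outright.

    Rejecting (rather than silently dropping) is the safer default: a client
    that sends `role` gets a 422-style error instead of a misleading success."""
    privileged = PRIVILEGED & payload.keys()
    if privileged:
        raise SchemaValidationError(f"not permitted on /users/me: {sorted(privileged)}")
    unknown = payload.keys() - SELF_UPDATABLE
    if unknown:
        raise SchemaValidationError(f"unknown field(s): {sorted(unknown)}")
    return dict(payload)


def validate_admin_update(payload: dict[str, Any]) -> dict[str, Any]:
    """UserUpdate equivalent for the admin endpoint: privileged fields allowed."""
    unknown = payload.keys() - (SELF_UPDATABLE | PRIVILEGED)
    if unknown:
        raise SchemaValidationError(f"unknown field(s): {sorted(unknown)}")
    return dict(payload)


# Header values from the commit message; Permissions-Policy and Cache-Control
# are spelled out here as assumptions since the message gives no exact values.
SECURITY_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "1; mode=block",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=(), payment=()",
    "Cache-Control": "no-store",
}

ASGIApp = Callable[[dict, Callable, Callable], Awaitable[None]]


class SecurityHeadersMiddleware:
    """Pure-ASGI middleware: append SECURITY_HEADERS to every HTTP response
    without overriding a header the downstream app already set."""

    def __init__(self, app: ASGIApp) -> None:
        self.app = app

    async def __call__(self, scope: dict, receive: Callable, send: Callable) -> None:
        if scope["type"] != "http":  # leave websocket/lifespan traffic untouched
            await self.app(scope, receive, send)
            return

        async def send_with_headers(message: dict) -> None:
            if message["type"] == "http.response.start":
                headers = list(message.get("headers", []))
                present = {name.lower() for name, _ in headers}
                for name, value in SECURITY_HEADERS.items():
                    key = name.lower().encode()
                    if key not in present:
                        headers.append((key, value.encode()))
                message = {**message, "headers": headers}
            await send(message)

        await self.app(scope, receive, send_with_headers)


async def api_app(scope: dict, receive: Callable, send: Callable) -> None:
    """Minimal downstream app standing in for the real API (constructed)."""
    await send({"type": "http.response.start", "status": 200,
                "headers": [(b"content-type", b"application/json")]})
    await send({"type": "http.response.body", "body": b'{"ok": true}'})


def run_request(app: ASGIApp, path: str = "/users/me") -> tuple[int, dict[str, str], bytes]:
    """Drive an ASGI app with a constructed GET request; return status, headers, body."""
    scope = {"type": "http", "method": "GET", "path": path, "headers": []}
    sent: list[dict] = []

    async def receive() -> dict:
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message: dict) -> None:
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    start = next(m for m in sent if m["type"] == "http.response.start")
    body = b"".join(m.get("body", b"") for m in sent if m["type"] == "http.response.body")
    headers = {k.decode(): v.decode() for k, v in start["headers"]}
    return start["status"], headers, body


if __name__ == "__main__":
    print(run_request(SecurityHeadersMiddleware(api_app))[1])
    try:
        validate_self_update({"email": "a@example.com", "role": "admin"})
    except SchemaValidationError as exc:
        print("rejected:", exc)
```

The `validate_self_update` check is what closes the escalation path: the endpoint for the caller's own account never sees `role` or `is_active`, so no handler logic has to remember to ignore them. The middleware only fills in headers that are absent, so a route that deliberately sets a different `Cache-Control` keeps it.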