Bi_ LddlZddlmZddlmZddlmZGddZdS)N)CORS)Flask)envcJeZdZdZedefdZedefdZdS)SecurityConfigu보안 설정 클래스appc tjdddg}tjddkr|gdt ||tjdgd tjd gd d d dS)u CORS 설정ALLOWED_ORIGINSzhttps://mlink.sellmall.co.krzhttps://www.sellmall.co.kr)default ENVIRONMENT development)zhttp://localhost:3000zhttp://localhost:3001zhttp://127.0.0.1:3000zhttp://127.0.0.1:3001ALLOWED_METHODS)GETPOSTPUTDELETEOPTIONSALLOWED_HEADERS)z Content-Type AuthorizationzX-Requested-Withz X-CSRF-TokenTi)originsmethods allow_headerssupports_credentialsmax_ageN)rget_listgetextendr)rallowed_originss L/var/www/html/web/mlink/mlink_AI_Server/mlink-backend/src/config/security.pyconfigure_corszSecurityConfig.configure_cors s,'8 * (C     7= ! !] 2 2  " "$$$    #L!2===,'8CCC "&      c&|jd}dS)u보안 헤더 설정cd|jd<d|jd<d|jd<d|jd<d }||jd <d |jd <d |jd<|S)NnosniffzX-Content-Type-OptionsDENYzX-Frame-Optionsz 1; mode=blockzX-XSS-Protectionz#max-age=31536000; includeSubDomainszStrict-Transport-Securityzdefault-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self' https://api.openai.com https://media.tenor.com; frame-ancestors 'none';zContent-Security-Policyzstrict-origin-when-cross-originzReferrer-Policyzmgeolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()zPermissions-Policy)headers)responsecsps radd_security_headerszGSecurityConfig.configure_security_headers..add_security_headers/s:CH 5 628H . /3BH / 0=bH 8 9* ;>H 6 73TH . /#  1 2Or!N) after_request)rr)s rconfigure_security_headersz)SecurityConfig.configure_security_headers,s+ # #   # # # r!N)__name__ __module__ __qualname____doc__ staticmethodrr r+r!rrrsg!! E   \ B&&&&\&&&r!r)os flask_corsrflaskrsrc.config.env_loaderrrr1r!rr6s %%%%%%LLLLLLLLLLr!