Ë ÄPi_ãóD—ddlZddlmZddlmZddlmZGd„d«Zy)éN)ÚCORS)ÚFlask)Úenvcó<—eZdZdZedefd„«Zedefd„«Zy)ÚSecurityConfiguë³´ì•ˆ ì„¤ì • í´ëž˜ìŠ¤Úappc ó —tjdddg¬«}tjd«dk(r|jgd¢«t ||tjdgd ¢¬«tjd gd¢¬«dd ¬«y)uCORS ì„¤ì •ÚALLOWED_ORIGINSzhttps://mlink.sellmall.co.krzhttps://www.sellmall.co.kr)ÚdefaultÚENVIRONMENTÚdevelopment)zhttp://localhost:3000zhttp://localhost:3001zhttp://127.0.0.1:3000zhttp://127.0.0.1:3001ÚALLOWED_METHODS)ÚGETÚPOSTÚPUTÚDELETEÚOPTIONSÚALLOWED_HEADERS)zContent-TypeÚ AuthorizationzX-Requested-WithzX-CSRF-TokenTi)ÚoriginsÚmethodsÚ allow_headersÚsupports_credentialsÚmax_ageN)rÚget_listÚgetÚextendr)rÚallowed_originss úF/home/kdj-ubuntu1/mlink_AI_Server/mlink-backend/src/config/security.pyÚconfigure_corszSecurityConfig.configure_cors sŠ€ôŸ,™,Ð'8Ø*Ø(ðC ôˆô7‰7=Ó! ]Ò2Ø×"Ñ"ò$ô ô ØØ#Ü—L‘LÐ!2ò=ôôŸ,™,Ð'8òCôð"&Øö ócó(—|jd„«}y)uë³´ì•ˆ í—¤ë” ì„¤ì •cóÜ—d|jd<d|jd<d|jd<d|jd<d }||jd <d|jd<d |jd<|S)NÚnosniffzX-Content-Type-OptionsÚDENYzX-Frame-Optionsz 1; mode=blockzX-XSS-Protectionz#max-age=31536000; includeSubDomainszStrict-Transport-SecurityzÞdefault-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self' https://api.openai.com https://media.tenor.com; frame-ancestors 'none';zContent-Security-Policyzstrict-origin-when-cross-originzReferrer-Policyzmgeolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()zPermissions-Policy)Úheaders)ÚresponseÚcsps rÚadd_security_headerszGSecurityConfig.configure_security_headers..add_security_headers/sš€ð:CˆH×ÑÐ5Ñ6Ø28ˆH×ÑÐ.Ñ/Ø3BˆH×ÑÐ/Ñ0ð=bˆH×ÑÐ8Ñ9ð*ð ð;>ˆH×ÑÐ6Ñ7ð3TˆH×ÑÐ.Ñ/ð#ð ×ÑÐ1Ñ2ðˆOr!N)Ú after_request)rr)s rÚconfigure_security_headersz)SecurityConfig.configure_security_headers,s€ð × Ñ ñ# ó ñ# r!N)Ú__name__Ú __module__Ú__qualname__Ú__doc__Ústaticmethodrr r+©r!rrrs:„Ù!àð ˜Eò óð ðBð&¨ò&óñ&r!r)ÚosÚ flask_corsrÚflaskrÚsrc.config.env_loaderrrr1r!rÚr6sðã ÝÝÝ%÷LòLr!