Release/hardening #11
Merged
Companion to guard-core 2.2.0 and guard-agent 2.3.0.

Pipeline-first CORS in the FlaskAPIGuard extension via guard_core.sync.handlers.cors_handler.

- _before_request now runs the security pipeline for every method including OPTIONS preflight. Preflights were previously short-circuited inside the extension before the pipeline ran; banned IPs could preflight freely.
- Preflight handling moved BEFORE the passthrough / bypass check so cross-origin preflights to excluded paths (e.g. /health) still receive a valid CORS response. Passthrough and bypass return paths now also inject CORS headers via _attach_cors_to_blocked.
- _after_request injects CORS headers via the shared guard_core.sync.handlers.cors_handler.CorsHandler module.
- Removed every [[tool.mypy.overrides]] suppression block (ignore_missing_imports = true / follow_imports = 'skip' / disallow_untyped_decorators = false). Replaced with proper stubs (django-stubs) and inline-typed packages.
- Removed every # type: ignore from edited files.
- Stripped [tool.uv.sources] guard-core local-path block from committed pyproject.toml.
- Added guard-agent to dev dependencies (was missing -- only mentioned in deptry's per_rule_ignores). Tests exercising agent integration via enable_agent=True now have an explicit declared dev dep.
- Test infrastructure: added two regression tests proving cross-origin preflight + GET to excluded paths both work correctly with CORS.

Full suite: 216 passed, 100% line + 100% branch coverage. Quality suite (mypy / ruff / vulture / bandit / radon / xenon / deptry) clean. 0 added suppressions.

See CHANGELOG.md.

BREAKING CHANGE: CORS is configured purely via SecurityConfig.cors_* fields and activates automatically inside the FlaskAPIGuard extension. There is no separate configure_cors entry point. OPTIONS preflight requests are now subject to the full security pipeline.
…pi-guard into release/hardening
No description provided.
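The ordering change described in the commit message, as a simplified stdlib-only model added here as an example; it is not the extension's or guard-core's code. Every name in it (`Req`, `Resp`, `pipeline`, `with_cors`, the two `before_request_*` functions) and the sample policy values are assumptions, and the pipeline is reduced to a single IP ban check.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample policy; none of these values come from the project.
BANNED_IPS = {"203.0.113.7"}
ALLOWED_ORIGINS = {"https://app.example"}
EXCLUDED_PATHS = {"/health"}

@dataclass
class Req:
    method: str
    path: str
    ip: str
    origin: Optional[str] = None
    acr_method: Optional[str] = None  # Access-Control-Request-Method header

@dataclass
class Resp:
    status: int
    headers: dict = field(default_factory=dict)

def is_preflight(r: Req) -> bool:
    return r.method == "OPTIONS" and bool(r.origin) and bool(r.acr_method)

def with_cors(resp: Resp, r: Req) -> Resp:
    """Attach CORS headers only for an allow-listed origin."""
    if r.origin in ALLOWED_ORIGINS:
        resp.headers.update({"Access-Control-Allow-Origin": r.origin, "Vary": "Origin"})
    return resp

def pipeline(r: Req) -> Optional[Resp]:
    """Stand-in for the security pipeline: an IP ban check only."""
    return Resp(403) if r.ip in BANNED_IPS else None

def before_request_short_circuit(r: Req) -> Optional[Resp]:
    """Old ordering: the preflight is answered before any check runs."""
    if is_preflight(r):
        return with_cors(Resp(204), r)
    return None if r.path in EXCLUDED_PATHS else pipeline(r)

def before_request_pipeline_first(r: Req) -> Optional[Resp]:
    """New ordering: pipeline first; preflight answered before the excluded-path check."""
    if is_preflight(r):
        blocked = pipeline(r)
        return with_cors(blocked or Resp(204), r)  # blocked replies keep CORS headers
    if r.path in EXCLUDED_PATHS:
        return None  # passthrough; CORS headers are added on the way out
    blocked = pipeline(r)
    return with_cors(blocked, r) if blocked else None
```

Returning `None` models a `before_request` hook letting the request continue to the view. Whether a banned client's preflight to an excluded path is also blocked is a choice of this model, not something the commit message states.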