Skip to content

feat(api): allow overriding http-security-headers in middyfy#31

Merged
v4ll3l1 merged 2 commits into
mainfrom
fix/embeddable-cors-headers
May 12, 2026
Merged

feat(api): allow overriding http-security-headers in middyfy#31
v4ll3l1 merged 2 commits into
mainfrom
fix/embeddable-cors-headers

Conversation

@v4ll3l1
Copy link
Copy Markdown
Contributor

@v4ll3l1 v4ll3l1 commented May 12, 2026

No description provided.

v4ll3l1 and others added 2 commits May 12, 2026 11:25
@v4ll3l1 @claude
feat(api): allow overriding http-security-headers in middyfy
3d33a17 
Adds securityHeadersOptions to middyfy() so consumers can configure
@middy/http-security-headers per-handler. Includes an embeddable
resource preset that relaxes CORP/COEP/COOP for handlers serving
images or other resources embedded cross-origin.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@v4ll3l1
fixed formatting
331788f
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 12, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@v4ll3l1 v4ll3l1 requested a review from Copilot May 12, 2026 09:28
Copilot AI reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds an opt-in way to override @middy/http-security-headers options via the shared middyfy() wrapper, enabling specific handlers (e.g., media/resources) to be embeddable cross-origin without changing the default security posture for all endpoints.

Changes:

  • Add securityHeadersOptions to middyfy() props and pass it through to httpSecurityHeaders(...).
  • Introduce embeddableResourceSecurityHeaders preset for cross-origin embeddable resources.
  • Re-export the new preset/type from the middleware barrel index.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
packages/api/src/lib/middleware/middyfy.ts Adds a securityHeadersOptions prop and forwards it to @middy/http-security-headers.
packages/api/src/lib/middleware/index.ts Re-exports the new security-headers preset/type from the middleware entrypoint.
packages/api/src/lib/middleware/embeddableResourceSecurityHeaders.ts Adds a documented preset (embeddableResourceSecurityHeaders) plus a helper options type.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@v4ll3l1 v4ll3l1 requested a review from dgoerdes May 12, 2026 11:02
@v4ll3l1 v4ll3l1 merged commit 1c23126 into main May 12, 2026
9 checks passed
@v4ll3l1 v4ll3l1 deleted the fix/embeddable-cors-headers branch May 12, 2026 11:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dgoerdes dgoerdes dgoerdes approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@v4ll3l1 @dgoerdes