Coverage for src / local_deep_research / settings / env_definitions / security.py: 100%
4 statements
"""
Security environment settings.

These settings control security-related behavior such as SSRF validation
and CORS / WebSocket origin restrictions.
"""
8import os
9from ..env_settings import BooleanSetting, StringSetting
# Variables owned by external tooling (pytest, CI systems) rather than by this
# application. They are read straight from the process environment because
# their names and values are not under our control.
#
# The value is captured once, when this module is imported; it is None when
# the variable is absent.
# NOTE(review): anything that can set the process environment can set this
# variable, so its presence should not by itself be treated as proof of a
# test run when deciding whether to relax a security check - confirm against
# callers.
PYTEST_CURRENT_TEST = os.getenv("PYTEST_CURRENT_TEST")
# LDR security settings: the application's own security configuration, as
# opposed to variables owned by external tooling.

# Help texts are held in named constants so the declarations below stay short.
_SSRF_DISABLE_HELP = (
    "Disable SSRF validation (test/dev only - NEVER in production)"
)
_CORS_ORIGINS_HELP = (
    "Allowed CORS origins for API routes (comma-separated). "
    "Use '*' for all origins, empty for same-origin only. "
    "Example: 'https://example.com,https://app.example.com'"
)
_WEBSOCKET_ORIGINS_HELP = (
    "Allowed origins for WebSocket/Socket.IO connections (comma-separated). "
    "Use '*' for all origins (default), empty for same-origin only. "
    "Example: 'https://example.com,https://app.example.com'"
)

SECURITY_SETTINGS = [
    # Opt-out switch for SSRF validation. The default is False, so validation
    # stays enabled unless this is set explicitly.
    # The trailing gitleaks marker silences the secret scanner on a setting
    # name that is not a secret; it must stay on the same line as the key.
    # NOTE(review): this declaration cannot stop the flag being set in
    # production - confirm the consumer warns about or refuses it outside
    # test/dev.
    BooleanSetting(
        key="security.ssrf.disable_validation",  # gitleaks:allow
        description=_SSRF_DISABLE_HELP,
        default=False,
    ),
    # Origin allow-list for cross-origin requests to the API routes.
    # NOTE(review): the help text covers '*' and the empty string but not the
    # unset case (default=None) - confirm the consumer treats None as
    # restrictive, and that '*' is never combined with credentialed requests.
    StringSetting(
        key="security.cors.allowed_origins",
        description=_CORS_ORIGINS_HELP,
        default=None,
    ),
    # Origin allow-list for WebSocket/Socket.IO connections.
    # NOTE(review): the help text names '*' as the default, so an unset value
    # (default=None) presumably accepts connections from any origin - verify
    # in the consumer. Deployments that authenticate the socket with cookies
    # should set an explicit origin list to avoid cross-site WebSocket
    # hijacking.
    StringSetting(
        key="security.websocket.allowed_origins",
        description=_WEBSOCKET_ORIGINS_HELP,
        default=None,
    ),
]