mirror of
https://github.com/syntrex-lab/gomcp.git
synced 2026-05-04 00:32:37 +02:00
feat(security): SEC-015 Strict CORS Origin Validation and Specs Update
This commit is contained in:
DmitrL-dev
parent
2a3ed1c319
commit
7bd08dc9be
4 changed files with 51 additions and 40 deletions
|
|
@ -19,6 +19,7 @@ import (
|
|||
"runtime"
|
||||
"runtime/debug"
|
||||
"strconv"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/syntrex/gomcp/internal/application/soc"
|
||||
|
|
@ -122,6 +123,16 @@ func main() {
|
|||
socSvc := soc.NewService(socRepo, decisionLogger)
|
||||
srv := sochttp.New(socSvc, port)
|
||||
|
||||
// Configure CORS
|
||||
if corsEnv := env("SOC_CORS_ORIGIN", ""); corsEnv != "" {
|
||||
parts := strings.Split(corsEnv, ",")
|
||||
for i := range parts {
|
||||
parts[i] = strings.TrimSpace(parts[i])
|
||||
}
|
||||
srv.SetCORSOrigins(parts)
|
||||
slog.Info("CORS strict origins configured", "origins", len(parts))
|
||||
}
|
||||
|
||||
// Threat Intelligence Store — always initialized for IOC enrichment (§6)
|
||||
threatIntelStore := soc.NewThreatIntelStore()
|
||||
threatIntelStore.AddDefaultFeeds()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue