From 7d49370ccd2c2f8512606d61b712c3c8b63e59e5 Mon Sep 17 00:00:00 2001
From: Rashida Kanchwala
Date: Tue, 28 Nov 2023 17:35:13 +0000
Subject: [PATCH 1/4] WIP
Signed-off-by: Rashida Kanchwala
---
 demo-project/Dockerfile | 2 ++
 package/kedro_viz/api/apps.py | 16 ++++++++--------
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/demo-project/Dockerfile b/demo-project/Dockerfile
index eb28cc8367..02ef845c0b 100644
--- a/demo-project/Dockerfile
+++ b/demo-project/Dockerfile
@@ -8,3 +8,5 @@ COPY . /code
 RUN pip install --no-cache-dir --upgrade -r /code/src/docker_requirements.txt
 CMD ["kedro", "viz", "--host", "0.0.0.0", "--port", "4141", "--no-browser"]
+
+ENV ADD_SECURITY_HEADERS=true
diff --git a/package/kedro_viz/api/apps.py b/package/kedro_viz/api/apps.py
index e0eea9e484..6be7f8da9c 100644
--- a/package/kedro_viz/api/apps.py
+++ b/package/kedro_viz/api/apps.py
@@ -1,6 +1,7 @@
 """`kedro_viz.api.app` defines the FastAPI app to serve Kedro data in a RESTful API. This data could either come from a real Kedro project or a file. """
+import os
 import json
 import time
 from pathlib import Path
@@ -21,9 +22,6 @@ _HTML_DIR = Path(__file__).parent.parent.absolute() / "html"
-secure_headers = secure.Secure()
-
-
 def _create_etag() -> str:
 """Generate the current timestamp to use as etag."""
 return str(time.time())
@@ -37,11 +35,13 @@ def _create_base_api_app() -> FastAPI:
 default_response_class=EnhancedORJSONResponse,
 )
- @app.middleware("http")
- async def set_secure_headers(request, call_next):
- response = await call_next(request)
- secure_headers.framework.fastapi(response)
- return response
+ if os.getenv('ADD_SECURITY_HEADERS', '').lower() == 'true':
+ secure_headers = secure.Secure()
+ @app.middleware("http")
+ async def set_secure_headers(request, call_next):
+ response = await call_next(request)
+ secure_headers.framework.fastapi(response)
+ return response
 return app
From 33faec41f3afeb3b45e7ef8b739f3d74423d5c6c Mon Sep 17 00:00:00 2001
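Review bot: In `_create_base_api_app` the `set_secure_headers` middleware is now registered only when `ADD_SECURITY_HEADERS` is exactly `true`, so any deployment that does not export the variable stops sending the headers `secure.Secure()` previously added to every response. Only `demo-project/Dockerfile` sets the variable in this series, which suggests other installs would run without the headers by default. If an off switch is needed, a fail-closed check keeps the protection unless it is explicitly disabled, e.g. `if os.getenv("ADD_SECURITY_HEADERS", "true").lower() != "false":`; otherwise the variable should at least be documented in the function docstring and a log line emitted when the middleware is skipped. The function body starts and ends outside the hunk.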
From: Rashida Kanchwala
Date: Tue, 28 Nov 2023 19:04:56 +0000
Subject: [PATCH 2/4] fix lint
Signed-off-by: Rashida Kanchwala
---
 package/kedro_viz/api/apps.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/package/kedro_viz/api/apps.py b/package/kedro_viz/api/apps.py
index 6be7f8da9c..5820d86817 100644
--- a/package/kedro_viz/api/apps.py
+++ b/package/kedro_viz/api/apps.py
@@ -1,8 +1,8 @@
 """`kedro_viz.api.app` defines the FastAPI app to serve Kedro data in a RESTful API. This data could either come from a real Kedro project or a file. """
-import os
 import json
+import os
 import time
 from pathlib import Path
@@ -22,6 +22,7 @@ _HTML_DIR = Path(__file__).parent.parent.absolute() / "html"
+
 def _create_etag() -> str:
 """Generate the current timestamp to use as etag."""
 return str(time.time())
@@ -35,8 +36,9 @@ def _create_base_api_app() -> FastAPI:
 default_response_class=EnhancedORJSONResponse,
 )
- if os.getenv('ADD_SECURITY_HEADERS', '').lower() == 'true':
+ if os.getenv("ADD_SECURITY_HEADERS", "").lower() == "true":
 secure_headers = secure.Secure()
+
 @app.middleware("http")
 async def set_secure_headers(request, call_next):
 response = await call_next(request)
From 7939bdffffcfca11abe8ce3239aa6da642e71a8b Mon Sep 17 00:00:00 2001
From: Rashida Kanchwala
Date: Tue, 28 Nov 2023 19:17:47 +0000
Subject: [PATCH 3/4] fix tests
Signed-off-by: Rashida Kanchwala
---
 package/kedro_viz/api/apps.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/kedro_viz/api/apps.py b/package/kedro_viz/api/apps.py
index 5820d86817..1cdbc5b178 100644
--- a/package/kedro_viz/api/apps.py
+++ b/package/kedro_viz/api/apps.py
@@ -36,7 +36,7 @@ def _create_base_api_app() -> FastAPI:
 default_response_class=EnhancedORJSONResponse,
 )
- if os.getenv("ADD_SECURITY_HEADERS", "").lower() == "true":
+ if os.getenv("ADD_SECURITY_HEADERS", "").lower() == "true": # pragma: no cover
 secure_headers = secure.Secure()
 @app.middleware("http")
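Review bot: The `# pragma: no cover` added to the `ADD_SECURITY_HEADERS` check in `_create_base_api_app` takes the whole header-middleware branch out of coverage, so no test confirms that the headers are emitted when the flag is on or absent when it is off. A test that sets the variable before building the app, for instance with pytest's `monkeypatch.setenv("ADD_SECURITY_HEADERS", "true")`, and asserts on a response header would allow the pragma to be dropped. The rest of the function lies outside the hunk.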
From cf59f5308e648676b37cb2d4f007203ef999daff Mon Sep 17 00:00:00 2001
From: Rashida Kanchwala
Date: Wed, 29 Nov 2023 11:12:41 +0000
Subject: [PATCH 4/4] fix lint
Signed-off-by: Rashida Kanchwala
---
 package/kedro_viz/api/apps.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/kedro_viz/api/apps.py b/package/kedro_viz/api/apps.py
index 1cdbc5b178..7200ad4ab7 100644
--- a/package/kedro_viz/api/apps.py
+++ b/package/kedro_viz/api/apps.py
@@ -36,7 +36,7 @@ def _create_base_api_app() -> FastAPI:
 default_response_class=EnhancedORJSONResponse,
 )
- if os.getenv("ADD_SECURITY_HEADERS", "").lower() == "true": # pragma: no cover
+ if os.getenv("ADD_SECURITY_HEADERS", "").lower() == "true": # pragma: no cover
 secure_headers = secure.Secure()
 @app.middleware("http")