#7 Transport Security: - Removed legacy _ssl_ctx alias from config.py - proxy.py now uses _internal_ssl_ctx directly (explicitly scoped) - No global TLS bypass remains #10 Deployment Hardening: - Inventory Dockerfile: non-root (node user), health check, production deps - Budget Dockerfile: non-root (node user), health check, npm ci, multi-stage ready - Frontend-v2 Dockerfile: multi-stage build, non-root (node user), health check - Added /health endpoints to inventory and budget (before auth middleware) - All 6 containers now run as non-root with health checks All services verified: gateway, trips, fitness, inventory, budget, frontend
@@ -68,5 +68,3 @@ _internal_ssl_ctx = ssl.create_default_context()
|
||||
_internal_ssl_ctx.check_hostname = False
|
||||
_internal_ssl_ctx.verify_mode = ssl.CERT_NONE
|
||||
|
||||
# Legacy alias — to be removed once all callers are updated
|
||||
_ssl_ctx = _internal_ssl_ctx
|
||||
|
||||
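Review bot: The lines this hunk keeps still set `_internal_ssl_ctx.check_hostname = False` and `_internal_ssl_ctx.verify_mode = ssl.CERT_NONE` at module level, so any code that imports this context connects with no certificate or hostname validation; removing the `_ssl_ctx` alias narrows the name, not the behaviour, which does not match the description's "No global TLS bypass remains". If the internal services present certificates from a private CA, the context could be built against it instead, e.g. `ssl.create_default_context(cafile=INTERNAL_CA_PATH)` (placeholder name), with both override lines dropped. If verification has to stay off for now, a comment above the two lines should say which internal hosts the context is meant for and that it must never be used for a request to an external or user-supplied URL. Whether proxy.py enforces that scoping is not visible in this hunk.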