From f64826f28db1cb4463621a557e0ddbfb30b88ab4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9nich=20Bon=20=C4=86iri=C4=87?=
 <renich@woralelandia.com>
Date: Mon, 15 Jun 2026 04:51:38 -0600
Subject: [PATCH] security: register SecureHeaders pipe in routes template
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Updates the routes.cr template to register Amber::Pipe::SecureHeaders.new
in the default web pipeline. This ensures newly generated applications
automatically enforce baseline security headers (XSS, Frame Options, nosniff, HSTS) out of the box.

Co-developed-by: Gemini AI <renich+gemini@woralelandia.com>
Signed-off-by: Rénich Bon Ćirić <renich@woralelandia.com>
---
 src/amber_cli/templates/app/config/routes.cr.ecr | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/amber_cli/templates/app/config/routes.cr.ecr b/src/amber_cli/templates/app/config/routes.cr.ecr
index f706e06..c9efed1 100644
--- a/src/amber_cli/templates/app/config/routes.cr.ecr
+++ b/src/amber_cli/templates/app/config/routes.cr.ecr
@@ -10,6 +10,7 @@ Amber::Server.configure do
     plug Amber::Pipe::Session.new
     plug Amber::Pipe::Flash.new
     plug Amber::Pipe::CSRF.new
+    plug Amber::Pipe::SecureHeaders.new
   end
 
   pipeline :api do