chore: remove middleware for COEP,COOP and CORP headers

These headers are only intented to use for static resources like html pages, js files and not
 for generic APIS. so thhese has to be always applied based on the route. This is best done
 as a nginx rule than to ever reach here. Selectiveley add to /www/ route only.

Author: abose

package-lock.json

@@ -65,7 +65,6 @@
     "@aicore/libcommonutils": "1.0.20",
     "@fastify/compress": "^8.0.1",
     "@fastify/cors": "^10.0.2",
-    "@fastify/helmet": "^13.0.1",
     "@fastify/rate-limit": "^10.2.2",
     "@fastify/static": "8.1.0",
     "fastify": "5.2.1",

package.json

@@ -9,14 +9,12 @@ import {HTTP_STATUS_CODES} from "@aicore/libcommonutils";
 import {getConfigs} from "./utils/configs.js";
 import {getHelloSchema, hello, getHelloPostSchema, helloPost} from "./api/hello.js";
 import {fastifyStatic} from "@fastify/static";
-import helmet from '@fastify/helmet';
 import rateLimit from '@fastify/rate-limit';
 import cors from '@fastify/cors';
 import compression from '@fastify/compress';
 
 import path from 'path';
 import {fileURLToPath} from 'url';
-import * as fs from "node:fs";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -43,24 +41,6 @@ server.register(compression, {
     threshold: 1024 // Only compress responses larger than 1KB
 });
 
-// Register security plugins
-server.register(helmet, {
-    contentSecurityPolicy: {
-        directives: {
-            defaultSrc: ["'self'"],
-            styleSrc: ["'self'", "'unsafe-inline'"],
-            imgSrc: ["'self'", 'data:', 'https:'],
-            scriptSrc: ["'self'"],
-            frameSrc: ["'none'"],
-            objectSrc: ["'none'"],
-            upgradeInsecureRequests: []
-        }
-    },
-    crossOriginEmbedderPolicy: true,
-    crossOriginOpenerPolicy: true,
-    crossOriginResourcePolicy: true
-});
-
 server.register(rateLimit, {
     max: 100,
     timeWindow: '1 minute',