
SecurityHeaders

Struct SecurityHeaders 

/// Security headers configuration.
///
/// Every field is public, so a value can be set directly as well as through the
/// builder-style methods on this type. The defaults quoted below are the ones
/// stated in the field documentation on this page.
pub struct SecurityHeaders {
    /// X-Content-Type-Options header (documented default: `nosniff`).
    pub content_type_options: bool,
    /// X-Frame-Options header (documented default: `DENY`).
    pub frame_options: FrameOptions,
    /// X-XSS-Protection header (documented default: `0`).
    pub xss_protection: bool,
    /// Content-Security-Policy header value (documented default: `None`).
    pub content_security_policy: Option<String>,
    /// Whether Strict-Transport-Security is configured (documented default: disabled).
    pub hsts_enabled: bool,
    /// HSTS max-age in seconds (documented default: 31536000 = 1 year).
    pub hsts_max_age: u64,
    /// HSTS include-subdomains setting (documented default: `false`).
    pub hsts_include_subdomains: bool,
    /// HSTS preload setting (documented default: `false`).
    pub hsts_preload: bool,
    /// Referrer-Policy header (documented default: `strict-origin-when-cross-origin`).
    pub referrer_policy: ReferrerPolicy,
    /// Permissions-Policy header value (documented default: `None`).
    pub permissions_policy: Option<String>,
    /// Cache-Control header for sensitive content (documented default: `None`).
    pub cache_control: Option<String>,
}

Security headers configuration.

§Spring Security Equivalent

HttpSecurity.headers()

§Example

use actix_security_core::http::security::headers::{SecurityHeaders, FrameOptions};

// Start from the documented defaults, then override individual headers.
// Each setter takes `self` by value and returns the updated configuration.
// HSTS and Content-Security-Policy are not set by default, so they are
// configured explicitly here.
let headers = SecurityHeaders::new()
    .frame_options(FrameOptions::SameOrigin)
    .content_security_policy("default-src 'self'")
    .hsts(true, 31536000); // 1 year

Fields§

§content_type_options: bool

X-Content-Type-Options header (default: nosniff)

§frame_options: FrameOptions

X-Frame-Options header (default: DENY)

§xss_protection: bool

X-XSS-Protection header (default: 0, the value that turns the legacy browser XSS filter off)

§content_security_policy: Option<String>

Content-Security-Policy header (default: None)

§hsts_enabled: bool

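Strict-Transport-Security header (default: disabled). Because HSTS is off by default, a site served over HTTPS has to turn it on explicitly with hsts(true, max_age).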

§hsts_max_age: u64

HSTS max-age in seconds (default: 31536000 = 1 year)

§hsts_include_subdomains: bool

HSTS include subdomains (default: false)

§hsts_preload: bool

HSTS preload (default: false)

§referrer_policy: ReferrerPolicy

Referrer-Policy header (default: strict-origin-when-cross-origin)

§permissions_policy: Option<String>

Permissions-Policy header (default: None)

§cache_control: Option<String>

Cache-Control header for sensitive content (default: None)

Implementations§

Source§

impl SecurityHeaders

Source

pub fn new() -> SecurityHeaders

Creates a new security headers configuration with defaults.

Source

pub fn strict() -> SecurityHeaders

Creates a strict security headers configuration.

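Enables all security headers with strict values. The exact values are not listed on this page; the type implements Debug, so print the resulting configuration and review it before relying on it.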

Source

pub fn frame_options(self, options: FrameOptions) -> SecurityHeaders

Sets the X-Frame-Options header.

§Spring Security Equivalent

headers().frameOptions().deny() or .sameOrigin()

Source

pub fn content_security_policy( self, policy: impl Into<String>, ) -> SecurityHeaders

Sets the Content-Security-Policy header.

§Spring Security Equivalent

headers().contentSecurityPolicy("policy")

§Example
// NOTE(review): 'unsafe-inline' in script-src lets inline scripts run, which gives up
// most of the XSS protection a CSP provides. Keep it only while inline scripts are
// being migrated; nonces or hashes are the stricter alternative.
let headers = SecurityHeaders::new()
    .content_security_policy("default-src 'self'; script-src 'self' 'unsafe-inline'");
Source

pub fn hsts(self, enabled: bool, max_age: u64) -> SecurityHeaders

Enables HTTP Strict Transport Security (HSTS).

§Spring Security Equivalent

headers().httpStrictTransportSecurity()

§Arguments
  • enabled - Whether to enable HSTS
  • max_age - Max-age value in seconds
Source

pub fn hsts_include_subdomains(self, include: bool) -> SecurityHeaders

Sets HSTS to include subdomains.

Source

pub fn hsts_preload(self, preload: bool) -> SecurityHeaders

Sets HSTS preload flag.

§Warning

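Only enable this if you’ve submitted your domain to the HSTS preload list. The preload list also expects includeSubDomains and a max-age of at least one year, and removal from it is slow, so confirm that every subdomain serves HTTPS before turning this on.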

Source

pub fn referrer_policy(self, policy: ReferrerPolicy) -> SecurityHeaders

Sets the Referrer-Policy header.

§Spring Security Equivalent

headers().referrerPolicy(ReferrerPolicy.STRICT_ORIGIN)

Source

pub fn permissions_policy(self, policy: impl Into<String>) -> SecurityHeaders

Sets the Permissions-Policy header.

§Example
// An empty allowlist `()` turns the feature off for every origin, including the page's own.
let headers = SecurityHeaders::new()
    .permissions_policy("geolocation=(), microphone=(), camera=()");
Source

pub fn cache_control(self, value: impl Into<String>) -> SecurityHeaders

Sets the Cache-Control header for sensitive content.

Source

pub fn disable_content_type_options(self) -> SecurityHeaders

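Disables the X-Content-Type-Options header. Without nosniff, browsers may MIME-sniff responses, so leave the header enabled unless a client is known to break with it.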

Trait Implementations§

Source§

impl Clone for SecurityHeaders

Source§

fn clone(&self) -> SecurityHeaders

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SecurityHeaders

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Default for SecurityHeaders

Source§

fn default() -> SecurityHeaders

Creates security headers with sensible defaults.

§Default Values
  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • X-XSS-Protection: 0 (disabled as recommended)
  • Referrer-Policy: strict-origin-when-cross-origin
Source§

impl<S, B> Transform<S, ServiceRequest> for SecurityHeaders
where S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static, B: 'static,

Source§

type Response = ServiceResponse<B>

Responses produced by the service.
Source§

type Error = Error

Errors produced by the service.
Source§

type Transform = SecurityHeadersMiddleware<S>

The TransformService value created by this factory
Source§

type InitError = ()

Errors produced while building a transform service.
Source§

type Future = Ready<Result<<SecurityHeaders as Transform<S, ServiceRequest>>::Transform, <SecurityHeaders as Transform<S, ServiceRequest>>::InitError>>

The future response value.
Source§

fn new_transform( &self, service: S, ) -> <SecurityHeaders as Transform<S, ServiceRequest>>::Future

Creates and returns a new Transform component, asynchronously

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more