security_headers_middleware

Function security_headers_middleware 

pub async fn security_headers_middleware(
    __arg0: State<SecurityState>,
    request: Request,
    next: Next,
) -> Response

Security headers middleware

Adds security-related HTTP headers to all responses:

  • HSTS (Strict-Transport-Security)
  • X-Frame-Options
  • X-Content-Type-Options
  • X-XSS-Protection
  • Content-Security-Policy
  • CORS headers

Phase 5C: Security Hardening

This middleware provides defense-in-depth by:

  1. Preventing clickjacking (X-Frame-Options)
  2. Preventing MIME sniffing (X-Content-Type-Options)
  3. Enforcing HTTPS (HSTS)
  4. Preventing XSS (CSP, X-XSS-Protection)
  5. Enabling CORS for controlled access
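
A way to check that a response actually carries the headers listed above, as an added example that is not this crate's code. The function name `audit_headers`, the accepted values and the sample headers are assumptions based on general header semantics, not on this project's configuration.

```rust
// Added example, not this crate's code. Accepted values are assumptions
// drawn from general header semantics, not this project's configuration.
use std::collections::HashMap;

/// Returns one finding per missing or weak header; empty means the set passed.
pub fn audit_headers(headers: &[(&str, &str)]) -> Vec<String> {
    // Header names are case-insensitive, so normalise before lookup.
    let h: HashMap<String, String> = headers
        .iter()
        .map(|(k, v)| (k.to_ascii_lowercase(), v.trim().to_ascii_lowercase()))
        .collect();
    let mut findings = Vec::new();
    for name in [
        "strict-transport-security", "x-frame-options", "x-content-type-options",
        "x-xss-protection", "content-security-policy",
    ] {
        if !h.contains_key(name) {
            findings.push(format!("missing {name}"));
        }
    }
    if let Some(v) = h.get("strict-transport-security") {
        // max-age=0 tells the browser to drop its stored HSTS policy.
        let max_age = v
            .split(';')
            .find_map(|d| d.trim().strip_prefix("max-age=")?.trim_matches('"').parse::<u64>().ok());
        if max_age.unwrap_or(0) == 0 {
            findings.push("weak strict-transport-security: max-age absent or 0".to_string());
        }
    }
    if h.get("x-content-type-options").is_some_and(|v| v != "nosniff") {
        findings.push("weak x-content-type-options: expected nosniff".to_string());
    }
    if h.get("x-frame-options").is_some_and(|v| v != "deny" && v != "sameorigin") {
        findings.push("weak x-frame-options: expected DENY or SAMEORIGIN".to_string());
    }
    // A wildcard origin is not "controlled access" in the sense listed above.
    if h.get("access-control-allow-origin").is_some_and(|v| v == "*") {
        findings.push("wildcard access-control-allow-origin".to_string());
    }
    findings
}

fn main() {
    // Constructed sample response headers.
    let sample = [("Strict-Transport-Security", "max-age=0"), ("X-Frame-Options", "DENY")];
    for f in audit_headers(&sample) {
        println!("{f}");
    }
}
```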