http-security-headers 0.2.0

Type-safe, framework-agnostic HTTP security headers with Tower middleware support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

//! Basic Axum example with security headers middleware.
//!
//! Run with:
//! ```
//! cargo run --example axum_basic --features middleware
//! ```

#[cfg(feature = "middleware")]
use axum::{routing::get, Router};
#[cfg(feature = "middleware")]
use http_security_headers::{add_security_headers, Preset};
#[cfg(feature = "middleware")]
use std::net::SocketAddr;
#[cfg(feature = "middleware")]
use std::sync::Arc;

#[cfg(not(feature = "middleware"))]
fn main() {
    panic!("This example requires the `middleware` feature. Run with `--features middleware`.");
}

#[cfg(feature = "middleware")]
#[tokio::main]
async fn main() {
    // Create security headers configuration using the Strict preset
    let headers = Arc::new(Preset::Strict.build());

    // Create a simple Axum router
    let app = Router::new()
        .route("/", get(handler))
        .route("/health", get(health_check))
        // Add security headers middleware using map_response
        .layer(tower::ServiceBuilder::new().map_response(move |mut response| {
            add_security_headers(&mut response, &headers);
            response
        }));

    // Run the server
    let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
    println!("Server running on http://{}", addr);
    println!("Try:");
    println!("  curl -I http://{}/", addr);
    println!("  curl -I http://{}/health", addr);

    let listener = tokio::net::TcpListener::bind(addr).await.unwrap();
    axum::serve(listener, app).await.unwrap();
}

#[cfg(feature = "middleware")]
async fn handler() -> &'static str {
    "Hello, World! Check the response headers for security headers."
}

#[cfg(feature = "middleware")]
async fn health_check() -> &'static str {
    "OK"
}