use axum::{
extract::Request,
http::{header::HeaderName, HeaderValue},
middleware::Next,
response::Response,
};
/// Fixed `(name, value)` pairs that [`security_headers`] writes onto every response.
///
/// Names are kept in lowercase because they are passed to
/// `HeaderName::from_static`, which panics on a name that is not a valid
/// lowercase header name.
const SECURITY_HEADERS: &[(&str, &str)] = &[
    // Refuse to be rendered inside any frame; kept alongside the CSP entry
    // below for browsers that only understand the older header.
    ("x-frame-options", "DENY"),
    // Tell browsers to honour the declared Content-Type instead of sniffing it.
    ("x-content-type-options", "nosniff"),
    // Do not send a Referer header for requests that originate from these pages.
    ("referrer-policy", "no-referrer"),
    // CSP counterpart of `X-Frame-Options: DENY`. This policy restricts framing
    // only; it puts no limits on script, style or connection sources.
    ("content-security-policy", "frame-ancestors 'none'"),
];
/// Axum middleware that stamps the headers in `SECURITY_HEADERS` onto the
/// response produced by the rest of the stack.
///
/// The inner service runs first; each header is then written with
/// `HeaderMap::insert`, which replaces any value already present under the
/// same name.
///
/// # Panics
///
/// `HeaderName::from_static` and `HeaderValue::from_static` panic on an
/// invalid entry, so a malformed row in `SECURITY_HEADERS` panics when a
/// request reaches this middleware rather than failing at compile time.
pub async fn security_headers(req: Request, next: Next) -> Response {
    let mut response = next.run(req).await;
    let header_map = response.headers_mut();

    // NOTE(review): `insert` overwrites, so a handler cannot weaken these
    // headers, but a stricter `content-security-policy` set by a handler is
    // also replaced by the framing-only policy. Confirm that is intended.
    SECURITY_HEADERS.iter().for_each(|&(name, value)| {
        header_map.insert(
            HeaderName::from_static(name),
            HeaderValue::from_static(value),
        );
    });

    response
}
// Tests for this middleware live in `security_headers_tests.rs`, pulled in
// through `#[path]` and compiled only for test builds.
#[cfg(test)]
#[path = "security_headers_tests.rs"]
mod security_headers_tests;