[−][src]Struct rocket_contrib::helmet::SpaceHelmet
A Fairing
that adds HTTP
headers to outgoing responses that control security features on the browser.
Usage
To use SpaceHelmet
, first construct an instance of it. To use the default
set of headers, construct with SpaceHelmet::default()
.
For an instance with no preset headers, use SpaceHelmet::new()
. To
enable an additional header, use enable()
, and to
disable a header, use disable()
:
use rocket_contrib::helmet::SpaceHelmet; use rocket_contrib::helmet::{XssFilter, ExpectCt}; // A `SpaceHelmet` with the default headers: let helmet = SpaceHelmet::default(); // A `SpaceHelmet` with the default headers minus `XssFilter`: let helmet = SpaceHelmet::default().disable::<XssFilter>(); // A `SpaceHelmet` with the default headers plus `ExpectCt`. let helmet = SpaceHelmet::default().enable(ExpectCt::default()); // A `SpaceHelmet` with only `XssFilter` and `ExpectCt`. let helmet = SpaceHelmet::default() .enable(XssFilter::default()) .enable(ExpectCt::default());
Then, attach the instance of SpaceHelmet
to your application's instance of
Rocket
:
rocket::ignite() // ... .attach(helmet)
The fairing will inject all enabled headers into all outgoing responses unless the response already contains a header with the same name. If it does contain the header, a warning is emitted, and the header is not overwritten.
TLS and HSTS
If TLS is configured and enabled when the application is launched in a non-development environment (e.g., staging or production), HSTS is automatically enabled with its default policy and a warning is issued.
To get rid of this warning, explicitly enable()
an Hsts
policy.
Methods
impl SpaceHelmet
[src]
pub fn new() -> Self
[src]
Returns an instance of SpaceHelmet
with no headers enabled.
Example
use rocket_contrib::helmet::SpaceHelmet; let helmet = SpaceHelmet::new();
pub fn enable<P: Policy>(self, policy: P) -> Self
[src]
Enables the policy header policy
.
If the poliicy was previously enabled, the configuration is replaced
with that of policy
.
Example
use rocket_contrib::helmet::SpaceHelmet; use rocket_contrib::helmet::NoSniff; let helmet = SpaceHelmet::new().enable(NoSniff::default());
pub fn disable<P: Policy>(self) -> Self
[src]
Disables the policy header policy
.
Example
use rocket_contrib::helmet::SpaceHelmet; use rocket_contrib::helmet::NoSniff; let helmet = SpaceHelmet::default().disable::<NoSniff>();
pub fn is_enabled<P: Policy>(&self) -> bool
[src]
Returns true
if the policy P
is enabled.
Example
use rocket_contrib::helmet::SpaceHelmet; use rocket_contrib::helmet::{XssFilter, NoSniff, Frame}; use rocket_contrib::helmet::{Hsts, ExpectCt, Referrer}; let helmet = SpaceHelmet::default(); assert!(helmet.is_enabled::<XssFilter>()); assert!(helmet.is_enabled::<NoSniff>()); assert!(helmet.is_enabled::<Frame>()); assert!(!helmet.is_enabled::<Hsts>()); assert!(!helmet.is_enabled::<ExpectCt>()); assert!(!helmet.is_enabled::<Referrer>());
Trait Implementations
impl Default for SpaceHelmet
[src]
impl Fairing for SpaceHelmet
[src]
fn info(&self) -> Info
[src]
fn on_response(&self, _request: &Request, response: &mut Response)
[src]
fn on_launch(&self, rocket: &Rocket)
[src]
fn on_attach(&self, rocket: Rocket) -> Result<Rocket, Rocket>
[src]
The attach callback. Returns Ok
if launch should proceed and Err
if launch should be aborted. Read more
fn on_request(&self, request: &mut Request, data: &Data)
[src]
The request callback. Read more
Auto Trait Implementations
impl Send for SpaceHelmet
impl Sync for SpaceHelmet
Blanket Implementations
impl<T, U> Into for T where
U: From<T>,
[src]
U: From<T>,
impl<T> From for T
[src]
impl<T, U> TryFrom for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = !
try_from
)The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T> Borrow for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T, U> TryInto for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
try_from
)The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> BorrowMut for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Typeable for T where
T: Any,
T: Any,
impl<T> IntoCollection for T
fn into_collection<A>(self) -> SmallVec<A> where
A: Array<Item = T>,
A: Array<Item = T>,
fn mapped<U, F, A>(self, f: F) -> SmallVec<A> where
A: Array<Item = U>,
F: FnMut(T) -> U,
A: Array<Item = U>,
F: FnMut(T) -> U,
impl<T, I> AsResult for T where
I: Input,
I: Input,
impl<T> IntoSql for T
[src]
fn into_sql<T>(self) -> Self::Expression where
Self: AsExpression<T>,
[src]
Self: AsExpression<T>,
Convert self
to an expression for Diesel's query builder. Read more
fn as_sql<'a, T>(&'a self) -> <&'a Self as AsExpression<T>>::Expression where
&'a Self: AsExpression<T>,
[src]
&'a Self: AsExpression<T>,
Convert &self
to an expression for Diesel's query builder. Read more
impl<T> Same for T
type Output = T
Should always be Self
impl<T> Erased for T
impl<T, U> TryInto for T where
U: TryFrom<T>,
U: TryFrom<T>,