Struct rocket_contrib::helmet::SpaceHelmet

pub struct SpaceHelmet { /* fields omitted */ }

A Fairing that adds HTTP headers to outgoing responses that control security features on the browser.

Usage

To use SpaceHelmet, first construct an instance of it. To use the default set of headers, construct with SpaceHelmet::default(). For an instance with no preset headers, use SpaceHelmet::new(). To enable an additional header, use enable(), and to disable a header, use disable():

use rocket_contrib::helmet::SpaceHelmet;
use rocket_contrib::helmet::{XssFilter, ExpectCt};

// A `SpaceHelmet` with the default headers:
let helmet = SpaceHelmet::default();

// A `SpaceHelmet` with the default headers minus `XssFilter`:
let helmet = SpaceHelmet::default().disable::<XssFilter>();

// A `SpaceHelmet` with the default headers plus `ExpectCt`.
let helmet = SpaceHelmet::default().enable(ExpectCt::default());

// A `SpaceHelmet` with only `XssFilter` and `ExpectCt`.
let helmet = SpaceHelmet::default()
    .enable(XssFilter::default())
    .enable(ExpectCt::default());

Then, attach the instance of SpaceHelmet to your application’s instance of Rocket:

rocket::ignite()
    // ...
    .attach(helmet)

The fairing will inject all enabled headers into all outgoing responses unless the response already contains a header with the same name. If it does contain the header, a warning is emitted, and the header is not overwritten.

TLS and HSTS

If TLS is configured and enabled when the application is launched in a non-development environment (e.g., staging or production), HSTS is automatically enabled with its default policy and a warning is issued.

To get rid of this warning, explicitly enable() an Hsts policy.

Implementations

impl SpaceHelmet

pub fn new() -> Self

Returns an instance of SpaceHelmet with no headers enabled.

Example

use rocket_contrib::helmet::SpaceHelmet;

let helmet = SpaceHelmet::new();

pub fn enable<P: Policy>(self, policy: P) -> Self

Enables the policy header policy.

If the poliicy was previously enabled, the configuration is replaced with that of policy.

Example

use rocket_contrib::helmet::SpaceHelmet;
use rocket_contrib::helmet::NoSniff;

let helmet = SpaceHelmet::new().enable(NoSniff::default());

pub fn disable<P: Policy>(self) -> Self

Disables the policy header policy.

Example

use rocket_contrib::helmet::SpaceHelmet;
use rocket_contrib::helmet::NoSniff;

let helmet = SpaceHelmet::default().disable::<NoSniff>();

pub fn is_enabled<P: Policy>(&self) -> bool

Returns true if the policy P is enabled.

Example

use rocket_contrib::helmet::SpaceHelmet;
use rocket_contrib::helmet::{XssFilter, NoSniff, Frame};
use rocket_contrib::helmet::{Hsts, ExpectCt, Referrer};

let helmet = SpaceHelmet::default();

assert!(helmet.is_enabled::<XssFilter>());
assert!(helmet.is_enabled::<NoSniff>());
assert!(helmet.is_enabled::<Frame>());

assert!(!helmet.is_enabled::<Hsts>());
assert!(!helmet.is_enabled::<ExpectCt>());
assert!(!helmet.is_enabled::<Referrer>());

Trait Implementations

impl Default for SpaceHelmet

fn default() -> Self

Returns a new SpaceHelmet instance. See the table for a description of the policies used by default.

Example

use rocket_contrib::helmet::SpaceHelmet;

let helmet = SpaceHelmet::default();

impl Fairing for SpaceHelmet

fn info(&self) -> Info

Returns an Info structure containing the name and Kind of this fairing. The name can be any arbitrary string. Kind must be an ord set of Kind variants.

fn on_response(&self, _request: &Request<'_>, response: &mut Response<'_>)

The response callback.

fn on_launch(&self, rocket: &Rocket)

The launch callback.

fn on_attach(&self, rocket: Rocket) -> Result<Rocket, Rocket>

The attach callback. Returns Ok if launch should proceed and Err if launch should be aborted.

fn on_request(&self, request: &mut Request<'_>, data: &Data)

The request callback.