use rust_webx_core::error::Result;
use rust_webx_core::http::IHttpContext;
use rust_webx_core::middleware::IMiddleware;
use std::ops::ControlFlow;
pub struct SecurityHeadersMiddleware;
impl SecurityHeadersMiddleware {
pub fn new() -> Self {
Self
}
}
impl Default for SecurityHeadersMiddleware {
fn default() -> Self {
Self::new()
}
}
#[async_trait::async_trait]
impl IMiddleware for SecurityHeadersMiddleware {
async fn invoke(&self, ctx: &mut dyn IHttpContext) -> Result<ControlFlow<()>> {
let resp = ctx.response_mut();
resp.set_header("x-content-type-options", "nosniff");
resp.set_header("x-frame-options", "DENY");
resp.set_header("x-xss-protection", "1; mode=block");
resp.set_header("referrer-policy", "strict-origin-when-cross-origin");
resp.set_header(
"permissions-policy",
"camera=(), microphone=(), geolocation=()",
);
resp.set_header("cache-control", "no-store");
Ok(ControlFlow::Continue(()))
}
}