rustio-core 1.8.2

RustIO runtime library: HTTP, router, Postgres ORM, admin, RBAC, search, migrations, AI planner.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

//! Add sensible security headers to every response. No arguments,
//! no config — if someone needs something custom, they can write
//! their own.

use crate::error::Result;
use crate::http::{Request, Response};
use crate::router::Next;

pub async fn security_headers(req: Request, next: Next) -> Result<Response> {
    let mut resp = next.run(req).await?;
    let headers_to_add = [
        ("x-content-type-options", "nosniff"),
        ("x-frame-options", "DENY"),
        ("referrer-policy", "strict-origin-when-cross-origin"),
        ("permissions-policy", "geolocation=(), microphone=(), camera=()"),
    ];
    for (name, value) in headers_to_add {
        resp.headers.push((name.to_string(), value.to_string()));
    }
    Ok(resp)
}