security_headers_middleware

Function security_headers_middleware 

pub async fn security_headers_middleware(
    request: Request<Body>,
    next: Next,
) -> Response<Body>
Security headers middleware.

Adds the following headers to all responses:

  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • X-XSS-Protection: 0 (modern best practice - rely on CSP instead)
  • Referrer-Policy: strict-origin-when-cross-origin
  • Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
  • Cache-Control: no-store (API responses should not be cached)
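
One way to confirm in an integration test that responses actually carry the header set listed above, with the documented values and no duplicates. This is an added example, not code from this crate; `EXPECTED`, `SAMPLE` and `audit_response_head` are hypothetical names, and the sample response is constructed.

```rust
// Header names and values as listed above (names lowercased for comparison).
const EXPECTED: [(&str, &str); 6] = [
    ("x-content-type-options", "nosniff"),
    ("x-frame-options", "DENY"),
    ("x-xss-protection", "0"),
    ("referrer-policy", "strict-origin-when-cross-origin"),
    ("content-security-policy", "default-src 'none'; frame-ancestors 'none'"),
    ("cache-control", "no-store"),
];

// Constructed sample: Cache-Control differs from the list and no CSP is present.
const SAMPLE: &str = "HTTP/1.1 200 OK\r\ncontent-type: application/json\r\n\
    X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n\
    X-XSS-Protection: 0\r\nReferrer-Policy: strict-origin-when-cross-origin\r\n\
    Cache-Control: public, max-age=60\r\n\r\n{}";

/// Returns one finding per documented header that is missing, duplicated,
/// or carries a different value. An empty Vec means the response conforms.
pub fn audit_response_head(head: &str) -> Vec<String> {
    // Skip the status line; stop at the blank line that ends the header block.
    let headers: Vec<(String, String)> = head
        .lines()
        .skip(1)
        .take_while(|l| !l.trim().is_empty())
        .filter_map(|l| l.split_once(':'))
        .map(|(n, v)| (n.trim().to_ascii_lowercase(), v.trim().to_string()))
        .collect();

    let mut findings = Vec::new();
    for (name, want) in EXPECTED {
        let got: Vec<&str> = headers.iter()
            .filter(|(n, _)| n == name)
            .map(|(_, v)| v.as_str())
            .collect();
        match got.as_slice() {
            [] => findings.push(format!("{}: missing", name)),
            [v] if *v == want => {}
            [v] => findings.push(format!("{}: expected `{}`, got `{}`", name, want, v)),
            _ => findings.push(format!("{}: sent {} times", name, got.len())),
        }
    }
    findings
}

fn main() {
    for finding in audit_response_head(SAMPLE) {
        println!("{}", finding);
    }
}
```

Values are compared exactly, so a route that intentionally sends a different policy needs its own expected set.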