Struct SecurityHeadersBuilder 

pub struct SecurityHeadersBuilder { /* private fields */ }

Builder for SecurityHeaders.

Provides a fluent interface for configuring security headers.

Implementations

impl SecurityHeadersBuilder

pub fn content_security_policy(self, policy: ContentSecurityPolicy) -> Self

Sets the Content-Security-Policy.

Examples

use http_security_headers::{SecurityHeaders, ContentSecurityPolicy};

let csp = ContentSecurityPolicy::new()
    .default_src(vec!["'self'"])
    .script_src(vec!["'self'", "'unsafe-inline'"]);

let headers = SecurityHeaders::builder()
    .content_security_policy(csp)
    .build()
    .unwrap();

pub fn strict_transport_security( self, max_age: Duration, include_subdomains: bool, preload: bool, ) -> Self

Sets the Strict-Transport-Security header.

Arguments

• max_age - Duration for the max-age directive
• include_subdomains - Whether to include the includeSubDomains directive
• preload - Whether to include the preload directive

Examples

use http_security_headers::SecurityHeaders;
use std::time::Duration;

let headers = SecurityHeaders::builder()
    .strict_transport_security(Duration::from_secs(31536000), true, false)
    .build()
    .unwrap();

pub fn strict_transport_security_policy( self, policy: StrictTransportSecurity, ) -> Self

Sets the Strict-Transport-Security header with a custom policy.

pub fn x_frame_options_deny(self) -> Self

Sets X-Frame-Options to DENY.

Examples

use http_security_headers::SecurityHeaders;

let headers = SecurityHeaders::builder()
    .x_frame_options_deny()
    .build()
    .unwrap();

pub fn x_frame_options_sameorigin(self) -> Self

Sets X-Frame-Options to SAMEORIGIN.

Examples

use http_security_headers::SecurityHeaders;

let headers = SecurityHeaders::builder()
    .x_frame_options_sameorigin()
    .build()
    .unwrap();

pub fn x_frame_options(self, policy: XFrameOptions) -> Self

Sets the X-Frame-Options header with a custom value.

pub fn x_content_type_options_nosniff(self) -> Self

Enables X-Content-Type-Options: nosniff.

This is enabled by default in preset configurations.

Examples

use http_security_headers::SecurityHeaders;

let headers = SecurityHeaders::builder()
    .x_content_type_options_nosniff()
    .build()
    .unwrap();

pub fn referrer_policy(self, policy: ReferrerPolicy) -> Self

Sets the Referrer-Policy header.

pub fn referrer_policy_no_referrer(self) -> Self

Sets Referrer-Policy to no-referrer.

pub fn referrer_policy_strict_origin_when_cross_origin(self) -> Self

Sets Referrer-Policy to strict-origin-when-cross-origin.

pub fn cross_origin_opener_policy(self, policy: CrossOriginOpenerPolicy) -> Self

Sets the Cross-Origin-Opener-Policy header.

pub fn cross_origin_embedder_policy( self, policy: CrossOriginEmbedderPolicy, ) -> Self

Sets the Cross-Origin-Embedder-Policy header.

pub fn cross_origin_resource_policy( self, policy: CrossOriginResourcePolicy, ) -> Self

Sets the Cross-Origin-Resource-Policy header.

pub fn build(self) -> Result<SecurityHeaders>

Builds the SecurityHeaders configuration.

Errors

Returns an error if the configuration is invalid.

Trait Implementations

impl Debug for SecurityHeadersBuilder

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecurityHeadersBuilder

fn default() -> SecurityHeadersBuilder

Returns the “default value” for a type.