Function security_headers_layer 

pub fn security_headers_layer(
    config: SecurityHeadersConfig,
) -> impl Fn(Request, Next) -> Pin<Box<dyn Future<Output = Response> + Send>> + Clone + Send + 'static

Build a security headers middleware function from the given config.

Returns an async closure suitable for axum::middleware::from_fn.

Headers applied:

  • Content-Security-Policy: Restricts resource loading to same origin. style-src 'unsafe-inline' is included for inline styles. Paths matching relaxed_csp_path_prefix get additional script-src origins.
  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • Referrer-Policy: strict-origin-when-cross-origin
  • Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Permissions-Policy (optional, when include_permissions_policy is true)
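A response-side check for the header set listed above, as an added example that is not part of this crate or its documentation: a std-only helper that audits captured response headers against the documented values and flags relaxed script-src origins that show up on paths outside relaxed_csp_path_prefix. The names `audit`, `parse_csp` and `header`, and the origin `https://cdn.example`, are hypothetical; the sample response is constructed.

```rust
use std::collections::HashMap;

// Exact values from the header list documented above.
const FIXED: [(&str, &str); 4] = [
    ("x-content-type-options", "nosniff"),
    ("x-frame-options", "DENY"),
    ("referrer-policy", "strict-origin-when-cross-origin"),
    ("strict-transport-security", "max-age=31536000; includeSubDomains"),
];
// Case-insensitive header lookup over captured (name, value) pairs.
fn header<'a>(headers: &[(&'a str, &'a str)], name: &str) -> Option<&'a str> {
    headers.iter().find(|(k, _)| k.eq_ignore_ascii_case(name)).map(|(_, v)| v.trim())
}
// Split a CSP value into directive -> sources; the first occurrence of a directive wins.
fn parse_csp(value: &str) -> HashMap<String, Vec<String>> {
    let mut out: HashMap<String, Vec<String>> = HashMap::new();
    for directive in value.split(';') {
        let mut parts = directive.split_whitespace();
        if let Some(name) = parts.next() {
            out.entry(name.to_ascii_lowercase()).or_insert(parts.map(str::to_string).collect());
        }
    }
    out
}

// Hypothetical audit helper. `relaxed`: the request path is under relaxed_csp_path_prefix;
// `extra`: the script-src origins configured for such paths (supplied by the caller).
fn audit(headers: &[(&str, &str)], relaxed: bool, extra: &[&str]) -> Vec<String> {
    let mut findings = Vec::new();
    for &(name, want) in FIXED.iter() {
        let got = header(headers, name);
        if got != Some(want) {
            findings.push(format!("{}: got {:?}, want {:?}", name, got, want));
        }
    }
    let csp = parse_csp(header(headers, "content-security-policy").unwrap_or(""));
    // script-src falls back to default-src when it is absent.
    let script = csp.get("script-src").or_else(|| csp.get("default-src"));
    if csp.is_empty() {
        findings.push("content-security-policy: missing".to_string());
    } else if !relaxed && script.map_or(false, |v| v.iter().any(|s| extra.contains(&s.as_str()))) {
        findings.push("csp: relaxed script-src origin on a strict path".to_string());
    }
    findings
}

fn main() {
    // Constructed sample: a strict-path response with a wrong X-Frame-Options value.
    let resp = [("Content-Security-Policy", "default-src 'self'"), ("X-Frame-Options", "SAMEORIGIN")];
    println!("{:#?}", audit(&resp, false, &["https://cdn.example"]));
}
```

An empty result means the response matches the documented set; Permissions-Policy is not checked here because the page does not give its value.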