rustio_admin/middleware/
security_headers.rs

1//! Add sensible security headers to every response. No arguments,
2//! no config — if someone needs something custom, they can write
3//! their own.
4
5use crate::error::Result;
6use crate::http::{Request, Response};
7use crate::router::Next;
8
9pub async fn security_headers(req: Request, next: Next) -> Result<Response> {
10    let mut resp = next.run(req).await?;
11    let headers_to_add = [
12        ("x-content-type-options", "nosniff"),
13        ("x-frame-options", "DENY"),
14        ("referrer-policy", "strict-origin-when-cross-origin"),
15        (
16            "permissions-policy",
17            "geolocation=(), microphone=(), camera=()",
18        ),
19    ];
20    for (name, value) in headers_to_add {
21        resp.headers.push((name.to_string(), value.to_string()));
22    }
23    Ok(resp)
24}

rustio_admin/middleware/security_headers.rs

rustio_admin/middleware/
security_headers.rs