
rustio_admin/middleware/
security_headers.rs

1//! Add sensible security headers to every response. No arguments,
2//! no config — if someone needs something custom, they can write
3//! their own.
4
5use crate::error::Result;
6use crate::http::{Request, Response};
7use crate::router::Next;
8
9// public:
/// Middleware that runs the rest of the chain, then appends a fixed set of
/// security-related headers to the response it returns.
///
/// The headers added are `x-content-type-options`, `x-frame-options`,
/// `referrer-policy` and `permissions-policy`. This function sets no
/// `content-security-policy` or `strict-transport-security` header; if those
/// are required they have to come from somewhere else.
///
/// # Errors
///
/// Propagates whatever error `next.run` yields. In that case the function
/// returns before any header is added.
pub async fn security_headers(req: Request, next: Next) -> Result<Response> {
    // Header name / value pairs, appended in this order.
    const FIXED_HEADERS: [(&str, &str); 4] = [
        ("x-content-type-options", "nosniff"),
        ("x-frame-options", "DENY"),
        ("referrer-policy", "strict-origin-when-cross-origin"),
        (
            "permissions-policy",
            "geolocation=(), microphone=(), camera=()",
        ),
    ];

    // NOTE(review): the `?` returns an `Err` from the chain untouched, so any
    // response later built from that error does not pass through the loop
    // below. Confirm where error responses get their headers.
    let mut response = next.run(req).await?;

    // NOTE(review): `push` appends without checking for an existing entry of
    // the same name. If a handler already set one of these headers the
    // response presumably carries both values. Verify against `Response`.
    for (header_name, header_value) in FIXED_HEADERS {
        let entry = (String::from(header_name), String::from(header_value));
        response.headers.push(entry);
    }

    Ok(response)
}