rustio_core/middleware/
security_headers.rs

1//! Add sensible security headers to every response. No arguments,
2//! no config — if someone needs something custom, they can write
3//! their own.
4
5use crate::error::Result;
6use crate::http::{Request, Response};
7use crate::router::Next;
8
9pub async fn security_headers(req: Request, next: Next) -> Result<Response> {
10    let mut resp = next.run(req).await?;
11    let headers_to_add = [
12        ("x-content-type-options", "nosniff"),
13        ("x-frame-options", "DENY"),
14        ("referrer-policy", "strict-origin-when-cross-origin"),
15        ("permissions-policy", "geolocation=(), microphone=(), camera=()"),
16    ];
17    for (name, value) in headers_to_add {
18        resp.headers.push((name.to_string(), value.to_string()));
19    }
20    Ok(resp)
21}

rustio_core/middleware/security_headers.rs

rustio_core/middleware/
security_headers.rs