spring_web::middleware

Module sensitive_headers

Source
Expand description

Middlewares that mark headers as sensitive.

§Example

use tower_http::sensitive_headers::SetSensitiveHeadersLayer;
use tower::{Service, ServiceExt, ServiceBuilder, service_fn};
use http::{Request, Response, header::AUTHORIZATION};
use http_body_util::Full;
use bytes::Bytes;
use std::{iter::once, convert::Infallible};

async fn handle(req: Request<Full<Bytes>>) -> Result<Response<Full<Bytes>>, Infallible> {
    // ...
}

let mut service = ServiceBuilder::new()
    // Mark the `Authorization` header as sensitive so it doesn't show in logs
    //
    // `SetSensitiveHeadersLayer` will mark the header as sensitive on both the
    // request and response.
    //
    // The middleware is constructed from an iterator of headers to easily mark
    // multiple headers at once.
    .layer(SetSensitiveHeadersLayer::new(once(AUTHORIZATION)))
    .service(service_fn(handle));

// Call the service.
let response = service
    .ready()
    .await?
    .call(Request::new(Full::default()))
    .await?;

Its important to think about the order in which requests and responses arrive at your middleware. For example to hide headers both on requests and responses when using TraceLayer you have to apply SetSensitiveRequestHeadersLayer before TraceLayer and SetSensitiveResponseHeadersLayer afterwards.

use tower_http::{
    trace::TraceLayer,
    sensitive_headers::{
        SetSensitiveRequestHeadersLayer,
        SetSensitiveResponseHeadersLayer,
    },
};
use tower::{Service, ServiceExt, ServiceBuilder, service_fn};
use http::header;
use std::sync::Arc;

let headers: Arc<[_]> = Arc::new([
    header::AUTHORIZATION,
    header::PROXY_AUTHORIZATION,
    header::COOKIE,
    header::SET_COOKIE,
]);

let service = ServiceBuilder::new()
    .layer(SetSensitiveRequestHeadersLayer::from_shared(Arc::clone(&headers)))
    .layer(TraceLayer::new_for_http())
    .layer(SetSensitiveResponseHeadersLayer::from_shared(headers))
    .service_fn(handle);

Structs§

SetSensitiveHeadersLayer
Mark headers as sensitive on both requests and responses.
SetSensitiveRequestHeaders
Mark request headers as sensitive.
SetSensitiveRequestHeadersLayer
Mark request headers as sensitive.
SetSensitiveResponseHeaders
Mark response headers as sensitive.
SetSensitiveResponseHeadersLayer
Mark response headers as sensitive.
SetSensitiveResponseHeadersResponseFuture
Response future for SetSensitiveResponseHeaders.

Type Aliases§

SetSensitiveHeaders
Mark headers as sensitive on both requests and responses.