tower_helmet/header/
x_xss_protection.rs

1use http::header::{HeaderName, InvalidHeaderValue};
2use http::HeaderValue;
3
4use crate::IntoHeader;
5
6/// `XXSSProtection` disables browsers' buggy cross-site scripting filter by setting the
7/// `X-XSS-Protection` header to `0`. See [discussion about disabling the header here](https://github.com/helmetjs/helmet/issues/230) and [documentation on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection).
8pub struct XXSSProtection;
9
10impl Default for XXSSProtection {
11    fn default() -> Self {
12        XXSSProtection
13    }
14}
15
16impl IntoHeader for XXSSProtection {
17    fn header_name(&self) -> HeaderName {
18        http::header::X_XSS_PROTECTION
19    }
20
21    fn header_value(&self) -> Result<HeaderValue, InvalidHeaderValue> {
22        HeaderValue::from_str("0")
23    }
24}

tower_helmet/header/x_xss_protection.rs

tower_helmet/header/
x_xss_protection.rs