Module tower_http::sensitive_headers

Available on crate feature sensitive-headers only.

Middlewares that mark headers as sensitive.

Example

use tower_http::sensitive_headers::SetSensitiveHeadersLayer;
use tower::{Service, ServiceExt, ServiceBuilder, service_fn};
use http::{Request, Response, header::AUTHORIZATION};
use hyper::Body;
use std::{iter::once, convert::Infallible};

async fn handle(req: Request<Body>) -> Result<Response<Body>, Infallible> {
    // ...
}

let mut service = ServiceBuilder::new()
    // Mark the `Authorization` header as sensitive so it doesn't show in logs
    //
    // `SetSensitiveHeadersLayer` will mark the header as sensitive on both the
    // request and response.
    //
    // The middleware is constructed from an iterator of headers to easily mark
    // multiple headers at once.
    .layer(SetSensitiveHeadersLayer::new(once(AUTHORIZATION)))
    .service(service_fn(handle));

// Call the service.
let response = service
    .ready()
    .await?
    .call(Request::new(Body::empty()))
    .await?;

Its important to think about the order in which requests and responses arrive at your middleware. For example to hide headers both on requests and responses when using TraceLayer you have to apply SetSensitiveRequestHeadersLayer before TraceLayer and SetSensitiveResponseHeadersLayer afterwards.

use tower_http::{
    trace::TraceLayer,
    sensitive_headers::{
        SetSensitiveRequestHeadersLayer,
        SetSensitiveResponseHeadersLayer,
    },
};
use tower::{Service, ServiceExt, ServiceBuilder, service_fn};
use http::header;
use std::sync::Arc;

let headers: Arc<[_]> = Arc::new([
    header::AUTHORIZATION,
    header::PROXY_AUTHORIZATION,
    header::COOKIE,
    header::SET_COOKIE,
]);

let service = ServiceBuilder::new()
    .layer(SetSensitiveRequestHeadersLayer::from_shared(Arc::clone(&headers)))
    .layer(TraceLayer::new_for_http())
    .layer(SetSensitiveResponseHeadersLayer::from_shared(headers))
    .service_fn(handle);

Structs

SetSensitiveHeadersLayer

Mark headers as sensitive on both requests and responses.

SetSensitiveRequestHeaders

Mark request headers as sensitive.

SetSensitiveRequestHeadersLayer

Mark request headers as sensitive.

SetSensitiveResponseHeaders

Mark response headers as sensitive.

SetSensitiveResponseHeadersLayer

Mark response headers as sensitive.

SetSensitiveResponseHeadersResponseFuture

Response future for SetSensitiveResponseHeaders.

Type Definitions

SetSensitiveHeaders

Mark headers as sensitive on both requests and responses.