Skip to main content

Module secure_headers

typeway_server

Module secure_headers 

Source
Expand description

Security headers middleware — adds standard security headers to every response.

Applies a configurable set of HTTP security headers. The defaults follow OWASP recommendations and can be overridden or disabled individually.

§Example

use typeway_server::secure_headers::SecureHeadersLayer;

Server::<API>::new(handlers)
    .layer(SecureHeadersLayer::new())
    .serve(addr)
    .await?;

§Customization

SecureHeadersLayer::new()
    .hsts(63_072_000)                          // enable HSTS (TLS only)
    .frame_options("SAMEORIGIN")               // allow same-origin framing
    .content_security_policy("default-src 'self'; script-src 'self' cdn.example.com")
    .custom("X-Custom-Header", "value")

Structs§

SecureHeadersLayer
A Tower layer that adds security headers to every response.
SecureHeadersService
The Tower service produced by SecureHeadersLayer.