luckyimnotanigger/redlib
1
0
Fork 0
mirror of https://github.com/redlib-org/redlib.git synced 2025-06-08 07:37:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Specify default headers for security

Browse source
This commit is contained in:
spikecodes 2021-01-28 21:53:10 -08:00
parent 30c33d91e1
commit f55ea5a353
3 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/main.rs
View file

@ -21,12 +21,14 @@ async fn style() -> HttpResponse {
async fn robots() -> HttpResponse {
HttpResponse::Ok()
.content_type("text/plain")
.header("Cache-Control", "public, max-age=1209600, s-maxage=86400")
.body("User-agent: *\nAllow: /")
}
async fn favicon() -> HttpResponse {
HttpResponse::Ok()
.content_type("image/x-icon")
.header("Cache-Control", "public, max-age=1209600, s-maxage=86400")
.body(include_bytes!("../static/favicon.ico").as_ref())
}
@ -66,6 +68,12 @@ async fn main() -> std::io::Result<()> {
})
// Append trailing slash and remove double slashes
.wrap(middleware::NormalizePath::default())
// Apply default headers for security
.wrap(middleware::DefaultHeaders::new()
.header("Referrer-Policy", "no-referrer")
.header("X-Content-Type-Options", "nosniff")
.header("X-Frame-Options", "DENY")
.header("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors: 'none';"))
// Default service in case no routes match
.default_service(web::get().to(|| utils::error("Nothing here".to_string())))
// Read static files