normogen/backend/src/middleware/security_headers.rs
goose 4627903999
feat: complete Phase 2.6 - Security Hardening
- Implement session management with device tracking
- Implement audit logging system
- Implement account lockout for brute-force protection
- Add security headers middleware
- Add rate limiting middleware (stub)
- Integrate security services into main application

Build Status: Compiles successfully
Phase: 2.6 of 8 (75% complete)
2026-03-05 09:09:46 -03:00


use axum::{
    extract::Request,
    http::HeaderValue,
    middleware::Next,
    response::Response,
};

/// Attaches a fixed set of browser security headers to every response.
/// Wire it into the router with `axum::middleware::from_fn(security_headers_middleware)`.
pub async fn security_headers_middleware(req: Request, next: Next) -> Response {
    let mut response = next.run(req).await;
    let headers = response.headers_mut();

    // Stop browsers from MIME-sniffing the body away from the declared Content-Type.
    headers.insert("X-Content-Type-Options", HeaderValue::from_static("nosniff"));
    // Refuse to be framed at all (clickjacking defence; CSP `frame-ancestors`
    // is the modern equivalent and takes precedence where both are present).
    headers.insert("X-Frame-Options", HeaderValue::from_static("DENY"));
    // Legacy header: current browsers ignore it, CSP is the effective control.
    headers.insert("X-XSS-Protection", HeaderValue::from_static("1; mode=block"));
    // One year of HSTS for this host and all subdomains.
    headers.insert(
        "Strict-Transport-Security",
        HeaderValue::from_static("max-age=31536000; includeSubDomains"),
    );
    // Caveat: 'unsafe-inline' in script-src lets injected inline scripts run,
    // so this policy mitigates little XSS until inline scripts are moved to
    // files or allowed via nonces/hashes.
    headers.insert(
        "Content-Security-Policy",
        HeaderValue::from_static(
            "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'",
        ),
    );

    response
}
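The header set this middleware emits, run through an added std-only audit that flags the weak CSP and the absent Referrer-Policy (example code, not from the normogen repository; the `Finding` type, the one-year HSTS threshold and the header lists are constructed for the example):

```rust
// Added example, not normogen code: audit a (name, value) header list of the
// kind security_headers_middleware produces. Thresholds are constructed here.

#[derive(Debug, PartialEq)]
pub struct Finding {
    pub header: &'static str,
    pub message: String,
}

/// Case-insensitive lookup in a (name, value) list.
fn get<'a>(headers: &[(&'a str, &'a str)], name: &str) -> Option<&'a str> {
    headers.iter().find(|(k, _)| k.eq_ignore_ascii_case(name)).map(|(_, v)| *v)
}

/// Parse `max-age=N` out of a Strict-Transport-Security value.
fn hsts_max_age(value: &str) -> Option<u64> {
    value.split(';').map(str::trim).find_map(|d| d.strip_prefix("max-age=")).and_then(|n| n.parse().ok())
}

/// Source list of one CSP directive, or None if that directive is absent.
fn csp_directive<'a>(csp: &'a str, name: &str) -> Option<Vec<&'a str>> {
    csp.split(';').map(str::trim).find_map(|d| {
        let mut parts = d.split_whitespace();
        (parts.next()? == name).then(|| parts.collect())
    })
}

/// Audit the header set; an empty Vec means every check passed.
pub fn audit_security_headers(headers: &[(&str, &str)]) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut push = |header: &'static str, message: String| findings.push(Finding { header, message });
    match get(headers, "Strict-Transport-Security").and_then(hsts_max_age) {
        None => push("Strict-Transport-Security", "missing or has no max-age".into()),
        // One year (31536000 s) is the usual floor for a meaningful HSTS policy.
        Some(age) if age < 31_536_000 => push("Strict-Transport-Security", format!("max-age {age} is below one year")),
        Some(_) => {}
    }
    match get(headers, "Content-Security-Policy") {
        None => push("Content-Security-Policy", "header missing".into()),
        Some(csp) => {
            // script-src falls back to default-src when it is not set explicitly.
            let scripts = csp_directive(csp, "script-src").or_else(|| csp_directive(csp, "default-src"));
            if scripts.map_or(false, |s| s.contains(&"'unsafe-inline'")) {
                push("Content-Security-Policy", "script-src allows 'unsafe-inline'; injected inline scripts still run".into());
            }
        }
    }
    for required in ["X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy"] {
        if get(headers, required).is_none() {
            push(required, "header missing".into());
        }
    }
    findings
}
```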