| Field | Value |
|---|---|
| Crates.io | tower-helmet |
| lib.rs | tower-helmet |
| version | 0.3.0 |
| source | src |
| created_at | 2021-12-22 18:10:06.494619 |
| updated_at | 2024-01-29 20:27:29.186052 |
| description | Helps with securing your tower servers with various HTTP headers |
| homepage | https://github.com/atrox/tower-helmet |
| repository | https://github.com/atrox/tower-helmet |
| max_upload_size | |
| id | 501853 |
| size | 31,578 |
This is still very much a work in progress.

A port of the beautiful helmet.js from the JavaScript world.

tower-helmet helps you secure your tower server by setting various HTTP headers. It's not a silver bullet, but it can help!
You can find a list of all available headers under the [header] module. By default (with [HelmetLayer::default]) all of them are enabled. Please take a good look at [ContentSecurityPolicy]. Most of the time you will need to adapt this one to your needs.
```rust
use std::collections::HashMap;

use tower_helmet::header::{ContentSecurityPolicy, ExpectCt, XFrameOptions};
use tower_helmet::HelmetLayer;

// default layer with all security headers active
let layer = HelmetLayer::with_defaults();

// default layer with customizations applied: override the
// Content-Security-Policy directives, keep every other header
let mut directives = HashMap::new();
directives.insert("default-src", vec!["'self'", "https://example.com"]);
directives.insert("img-src", vec!["'self'", "data:", "https://example.com"]);
directives.insert("script-src", vec!["'self'", "'unsafe-inline'", "https://example.com"]);

let csp = ContentSecurityPolicy {
    directives,
    ..Default::default()
};
let layer = HelmetLayer::with_defaults().enable(csp);

// completely blank layer, selectively enable and add headers
let layer = HelmetLayer::blank()
    .enable(XFrameOptions::SameOrigin)
    .enable(ExpectCt::default());
```
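As an added, stand-alone illustration (not tower-helmet's own code), the block below renders the directives map from the example above into the header value a browser would receive, and audits it for sources that weaken the policy, flagging the `'unsafe-inline'` in `script-src` that the example carries. It assumes the standard `name source source; name source` CSP syntax and sorts directives by name for deterministic output; the crate's own serialization order may differ.

```rust
use std::collections::HashMap;

/// Constructed sample: the same directives as the README example above.
pub fn sample_directives() -> HashMap<&'static str, Vec<&'static str>> {
    let mut directives = HashMap::new();
    directives.insert("default-src", vec!["'self'", "https://example.com"]);
    directives.insert("img-src", vec!["'self'", "data:", "https://example.com"]);
    directives.insert("script-src", vec!["'self'", "'unsafe-inline'", "https://example.com"]);
    directives
}

/// Render a Content-Security-Policy header value from a directives map.
/// Directive names are sorted so the output does not depend on HashMap
/// iteration order (assumed format; not the crate's serializer).
pub fn render_csp(directives: &HashMap<&str, Vec<&str>>) -> String {
    let mut names: Vec<&&str> = directives.keys().collect();
    names.sort();
    names
        .into_iter()
        .map(|name| format!("{} {}", name, directives[*name].join(" ")))
        .collect::<Vec<_>>()
        .join("; ")
}

/// Flag sources that weaken the policy. One message per finding;
/// an empty Vec means nothing was flagged.
pub fn audit_csp(directives: &HashMap<&str, Vec<&str>>) -> Vec<String> {
    let mut names: Vec<&&str> = directives.keys().collect();
    names.sort();
    let mut findings = Vec::new();
    for name in names {
        for source in &directives[*name] {
            let reason = match *source {
                "'unsafe-inline'" => "inline scripts/styles are allowed, which defeats most XSS protection",
                "'unsafe-eval'" => "eval() is allowed, widening the injection surface",
                "*" => "wildcard permits any origin",
                s if s.starts_with("http:") => "plain-HTTP source can be tampered with in transit",
                _ => continue,
            };
            findings.push(format!("{} {}: {}", name, source, reason));
        }
    }
    findings
}

fn main() {
    let directives = sample_directives();
    println!("Content-Security-Policy: {}", render_csp(&directives));
    for finding in audit_csp(&directives) {
        println!("warning: {}", finding);
    }
}
```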