https://github.com/atrox/tower-helmet

tower-helmet helps you secure your tower server by setting various HTTP headers. It's not a silver bullet, but it can help!
https://github.com/atrox/tower-helmet

helmet http-headers middleware rust rust-tower security tower

Last synced: about 1 month ago
JSON representation

tower-helmet helps you secure your tower server by setting various HTTP headers. It's not a silver bullet, but it can help!

• Host: GitHub
• URL: https://github.com/atrox/tower-helmet
• Owner: Atrox
• License: mit
• Created: 2021-12-22T18:43:16.000Z (almost 4 years ago)
• Default Branch: master
• Last Pushed: 2024-01-29T21:37:11.000Z (over 1 year ago)
• Last Synced: 2024-11-07T13:17:59.831Z (11 months ago)
• Topics: helmet, http-headers, middleware, rust, rust-tower, security, tower
• Language: Rust
• Homepage: https://crates.io/crates/tower-helmet
• Size: 28.3 KB
• Stars: 4
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# tower-helmet

[![Crates.io](https://img.shields.io/crates/v/tower-helmet)](https://crates.io/crates/tower-helmet)

[![Documentation](https://docs.rs/tower-helmet/badge.svg)](https://docs.rs/tower-helmet)

[![License](https://img.shields.io/crates/l/tower-helmet)](LICENSE)

this is still very **work in progress**

a port of the beautiful [helmet.js](https://github.com/helmetjs/helmet) in the javascript world.

`tower-helmet` helps you secure your tower server by setting various HTTP headers. _It's not a silver bullet_, but it can help!

You can find a list of all available headers under the [header] module. By default (with [HelmetLayer::default]) **all of them** are enabled.

Please take a good look at [ContentSecurityPolicy]. Most of the time you will need to adapt this one to your needs.

# Examples

```rust

use tower_helmet::header::{ContentSecurityPolicy, ExpectCt, XFrameOptions};

use tower_helmet::HelmetLayer;

// default layer with all security headers active

let layer = HelmetLayer::with_defaults();

// default layer with customizations applied

let mut directives = HashMap::new();

directives.insert("default-src", vec!["'self'", "https://example.com"]);

directives.insert("img-src", vec!["'self'", "data:", "https://example.com"]);

directives.insert("script-src", vec!["'self'", "'unsafe-inline'", "https://example.com"]);

let csp = ContentSecurityPolicy {

  directives,

  ..Default::default()

};

let layer = HelmetLayer::with_defaults().enable(csp);

// completely blank layer, selectively enable and add headers

let layer = HelmetLayer::blank()

  .enable(XFrameOptions::SameOrigin)

  .enable(ExpectCt::default());

```