game_list/backend/src/security_headers.rs
2026-01-19 16:20:55 +01:00

34 lines
1.2 KiB
Rust

use rocket::fairing::{Fairing, Info, Kind};
use rocket::http::Header;
use rocket::{Request, Response};
pub struct SecurityHeaders;
#[rocket::async_trait]
impl Fairing for SecurityHeaders {
fn info(&self) -> Info {
Info {
name: "Security Headers",
kind: Kind::Response,
}
}
async fn on_response<'r>(&self, _request: &'r Request<'_>, response: &mut Response<'r>) {
response.set_header(Header::new("X-Content-Type-Options", "nosniff"));
response.set_header(Header::new("X-Frame-Options", "DENY"));
response.set_header(Header::new("X-XSS-Protection", "1; mode=block"));
response.set_header(Header::new(
"Referrer-Policy",
"strict-origin-when-cross-origin",
));
response.set_header(Header::new(
"Content-Security-Policy",
"default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none';",
));
response.set_header(Header::new(
"Permissions-Policy",
"geolocation=(), microphone=(), camera=()",
));
}
}