#http-header #security #header #tower #http #service #https

tower-helmet

Helps with securing your tower servers with various HTTP headers

4 releases (2 breaking)

0.3.0 Jan 29, 2024
0.2.1 Nov 9, 2022
0.2.0 Apr 12, 2022
0.1.0 Dec 22, 2021

#45 in #https

Download history 44/week @ 2024-07-20 84/week @ 2024-07-27 204/week @ 2024-08-03 569/week @ 2024-08-10 698/week @ 2024-08-17 706/week @ 2024-08-24 651/week @ 2024-08-31 663/week @ 2024-09-07 87/week @ 2024-09-14 62/week @ 2024-09-21 59/week @ 2024-09-28 41/week @ 2024-10-05 50/week @ 2024-10-12 113/week @ 2024-10-19 25/week @ 2024-10-26 69/week @ 2024-11-02

263 downloads per month

MIT license

31KB
542 lines

tower-helmet

Crates.io Documentation License

this is still very work in progress

a port of the beautiful helmet.js in the javascript world.

tower-helmet helps you secure your tower server by setting various HTTP headers. It's not a silver bullet, but it can help!

You can find a list of all available headers under the [header] module. By default (with HelmetLayer::default) all of them are enabled. Please take a good look at [ContentSecurityPolicy]. Most of the time you will need to adapt this one to your needs.

Examples

use tower_helmet::header::{ContentSecurityPolicy, ExpectCt, XFrameOptions};
use tower_helmet::HelmetLayer;

// default layer with all security headers active
let layer = HelmetLayer::with_defaults();

// default layer with customizations applied
let mut directives = HashMap::new();
directives.insert("default-src", vec!["'self'", "https://example.com"]);
directives.insert("img-src", vec!["'self'", "data:", "https://example.com"]);
directives.insert("script-src", vec!["'self'", "'unsafe-inline'", "https://example.com"]);
let csp = ContentSecurityPolicy {
  directives,
  ..Default::default()
};

let layer = HelmetLayer::with_defaults().enable(csp);

// completely blank layer, selectively enable and add headers
let layer = HelmetLayer::blank()
  .enable(XFrameOptions::SameOrigin)
  .enable(ExpectCt::default());

Dependencies

~1.5MB
~26K SLoC