Expand description
The HTTP Strict-Transport-Security (HSTS) header: enforces strict HTTPS usage.
HSTS tells the browser that the site should only be accessed using HTTPS
instead of HTTP. HSTS prevents a variety of downgrading attacks and should
always be used when TLS is enabled. Shield will turn HSTS on and issue a
warning if you enable TLS without enabling HSTS when the application is run
in non-debug profiles.
While HSTS is important for HTTPS security, incorrectly configured HSTS can lead to problems as you are disallowing access to non-HTTPS enabled parts of your site. Yelp engineering has good discussion of potential challenges that can arise and how to roll this out in a large scale setting. So, if you use TLS, use HSTS, but roll it out with care.
Variants
Enable(Duration)
Browser should only permit this site to be accesses by HTTPS for the
next Duration.
IncludeSubDomains(Duration)
Like Hsts::Enable, but also apply to all of the site’s subdomains.
Preload(Duration)
Send a “preload” HSTS header, which requests inclusion in the HSTS
preload list. This variant implies Hsts::IncludeSubDomains, which
implies Hsts::Enable.
The provided Duration must be at least 365 days. If the duration
provided is less than 365 days, the header will be written out with a
max-age of 365 days.
Details
Google maintains an HSTS preload service that can be used to prevent the browser from ever connecting to your site over an insecure connection. Read more at MDN. Don’t enable this before you have registered your site and you ensure that it meets the requirements specified by the preload service.
Trait Implementations
impl Copy for Hsts
impl StructuralPartialEq for Hsts
Auto Trait Implementations
impl RefUnwindSafe for Hsts
impl Send for Hsts
impl Sync for Hsts
impl Unpin for Hsts
impl UnwindSafe for Hsts
Blanket Implementations
impl<'a, T> AsTaggedExplicit<'a> for T where
T: 'a,
impl<'a, T> AsTaggedExplicit<'a> for T where
T: 'a,
fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>
impl<'a, T> AsTaggedImplicit<'a> for T where
T: 'a,
impl<'a, T> AsTaggedImplicit<'a> for T where
T: 'a,
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoCollection<T> for T
impl<T> IntoCollection<T> for T
fn into_collection<A>(self) -> SmallVec<A> where
A: Array<Item = T>,
fn into_collection<A>(self) -> SmallVec<A> where
A: Array<Item = T>,
Converts self into a collection.
fn mapped<U, F, A>(self, f: F) -> SmallVec<A> where
F: FnMut(T) -> U,
A: Array<Item = U>,
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcefn clone_into(&self, target: &mut T)
fn clone_into(&self, target: &mut T)
toowned_clone_into)Uses borrowed data to replace owned data, usually by cloning. Read more
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
fn vzip(self) -> V
sourceimpl<T> WithSubscriber for T
impl<T> WithSubscriber for T
sourcefn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber to this type, returning a
WithDispatch wrapper. Read more
sourcefn with_current_subscriber(self) -> WithDispatch<Self>
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber to this type, returning a
WithDispatch wrapper. Read more