pub struct Shield { /* private fields */ }
Expand description
A Fairing
that injects browser security and privacy headers into all
outgoing responses.
Usage
To use Shield
, first construct an instance of it. To use the default
set of headers, construct with Shield::default()
.
For an instance with no preset headers, use Shield::new()
. To
enable an additional header, use enable()
, and to
disable a header, use disable()
:
use rocket::shield::Shield;
use rocket::shield::{XssFilter, ExpectCt};
// A `Shield` with the default headers:
let shield = Shield::default();
// A `Shield` with the default headers minus `XssFilter`:
let shield = Shield::default().disable::<XssFilter>();
// A `Shield` with the default headers plus `ExpectCt`.
let shield = Shield::default().enable(ExpectCt::default());
// A `Shield` with only `XssFilter` and `ExpectCt`.
let shield = Shield::default()
.enable(XssFilter::default())
.enable(ExpectCt::default());
Then, attach the instance of Shield
to your application’s instance of
Rocket
:
rocket::build()
// ...
.attach(shield)
The fairing will inject all enabled headers into all outgoing responses unless the response already contains a header with the same name. If it does contain the header, a warning is emitted, and the header is not overwritten.
TLS and HSTS
If TLS is configured and enabled when the application is launched in a non-debug profile, HSTS is automatically enabled with its default policy and a warning is logged.
To get rid of this warning, explicitly Shield::enable()
an Hsts
policy.
Implementations
sourceimpl Shield
impl Shield
sourcepub fn new() -> Self
pub fn new() -> Self
Returns an instance of Shield
with no headers enabled.
Example
use rocket::shield::Shield;
let shield = Shield::new();
sourcepub fn enable<P: Policy>(self, policy: P) -> Self
pub fn enable<P: Policy>(self, policy: P) -> Self
Enables the policy header policy
.
If the poliicy was previously enabled, the configuration is replaced
with that of policy
.
Example
use rocket::shield::Shield;
use rocket::shield::NoSniff;
let shield = Shield::new().enable(NoSniff::default());
sourcepub fn disable<P: Policy>(self) -> Self
pub fn disable<P: Policy>(self) -> Self
Disables the policy header policy
.
Example
use rocket::shield::Shield;
use rocket::shield::NoSniff;
let shield = Shield::default().disable::<NoSniff>();
sourcepub fn is_enabled<P: Policy>(&self) -> bool
pub fn is_enabled<P: Policy>(&self) -> bool
Returns true
if the policy P
is enabled.
Example
use rocket::shield::Shield;
use rocket::shield::{Permission, NoSniff, Frame};
use rocket::shield::{Prefetch, ExpectCt, Referrer};
let shield = Shield::default();
assert!(shield.is_enabled::<NoSniff>());
assert!(shield.is_enabled::<Frame>());
assert!(shield.is_enabled::<Permission>());
assert!(!shield.is_enabled::<Prefetch>());
assert!(!shield.is_enabled::<ExpectCt>());
assert!(!shield.is_enabled::<Referrer>());
Trait Implementations
sourceimpl Fairing for Shield
impl Fairing for Shield
sourcefn on_liftoff<'life0, 'life1, 'async_trait>(
&'life0 self,
rocket: &'life1 Rocket<Orbit>
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn on_liftoff<'life0, 'life1, 'async_trait>(
&'life0 self,
rocket: &'life1 Rocket<Orbit>
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
The liftoff callback. Read more
sourcefn on_response<'r, 'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
__arg1: &'r Request<'life1>,
response: &'life2 mut Response<'r>
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>> where
'r: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
fn on_response<'r, 'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
__arg1: &'r Request<'life1>,
response: &'life2 mut Response<'r>
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>> where
'r: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
The response callback. Read more
sourcefn on_ignite<'life0, 'async_trait>(
&'life0 self,
rocket: Rocket<Build>
) -> Pin<Box<dyn Future<Output = Result> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
fn on_ignite<'life0, 'async_trait>(
&'life0 self,
rocket: Rocket<Build>
) -> Pin<Box<dyn Future<Output = Result> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
The ignite callback. Returns Ok
if ignition should proceed and Err
if ignition and launch should be aborted. Read more
sourcefn on_request<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_req: &'life1 mut Request<'life2>,
_data: &'life3 mut Data<'life4>
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
fn on_request<'life0, 'life1, 'life2, 'life3, 'life4, 'async_trait>(
&'life0 self,
_req: &'life1 mut Request<'life2>,
_data: &'life3 mut Data<'life4>
) -> Pin<Box<dyn Future<Output = ()> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
'life4: 'async_trait,
Self: 'async_trait,
The request callback. Read more
Auto Trait Implementations
impl !RefUnwindSafe for Shield
impl Send for Shield
impl Sync for Shield
impl Unpin for Shield
impl !UnwindSafe for Shield
Blanket Implementations
impl<'a, T> AsTaggedExplicit<'a> for T where
T: 'a,
impl<'a, T> AsTaggedExplicit<'a> for T where
T: 'a,
fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>
impl<'a, T> AsTaggedImplicit<'a> for T where
T: 'a,
impl<'a, T> AsTaggedImplicit<'a> for T where
T: 'a,
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoCollection<T> for T
impl<T> IntoCollection<T> for T
fn into_collection<A>(self) -> SmallVec<A> where
A: Array<Item = T>,
fn into_collection<A>(self) -> SmallVec<A> where
A: Array<Item = T>,
Converts self
into a collection.
fn mapped<U, F, A>(self, f: F) -> SmallVec<A> where
F: FnMut(T) -> U,
A: Array<Item = U>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
fn vzip(self) -> V
sourceimpl<T> WithSubscriber for T
impl<T> WithSubscriber for T
sourcefn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
sourcefn with_current_subscriber(self) -> WithDispatch<Self>
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more