Add headers for better security

O01eg

Feb 2, 2022, 10:51 AM

6CFNBL5LBZNP7CHANCXUZY5RQYREPSR6SQIKIWFLFXS4JU26KIWAC

Dependencies

[2] HZDCKIXQ Use constants for templates
[3] WW3KRXX6 Add page for reset game password
[4] EVP2FSBH Split index page
[5] WVHXYKCV Add postgresql pools
[6] HTYEGVBU Add data to reset password page
[7] QEK76JYT Process and log template render error

Change contents

edit in src/pages/reset_game_pwd.rs at line 4

[3.664]

[2.438]

use crate::pages::insert_security_headers;
replacement in src/pages/reset_game_pwd.rs at line 93

[3.266]→[3.873:907](∅→∅),[3.873]→[3.873:907](∅→∅)

HttpResponse::Ok().body(body)

[3.266]

[3.907]

insert_security_headers(HttpResponse::Ok()).body(body)
edit in src/pages/query_reset_game_pwd.rs at line 3

[2.595]

[2.595]

use crate::pages::insert_security_headers;
replacement in src/pages/query_reset_game_pwd.rs at line 15

[2.1023]→[2.1023:1057](∅→∅)

HttpResponse::Ok().body(body)

[2.1023]

[2.1057]

insert_security_headers(HttpResponse::Ok()).body(body)
edit in src/pages/mod.rs at line 1

[3.50]

[3.383]

use actix_web::HttpResponseBuilder;
edit in src/pages/mod.rs at line 28

[3.561]

pub fn insert_security_headers(mut response: HttpResponseBuilder) -> HttpResponseBuilder {
response
.insert_header((actix_web::http::header::X_FRAME_OPTIONS, "DENY"))
.insert_header((
actix_web::http::header::CONTENT_SECURITY_POLICY,
"default-src 'none'; frame-ancestors 'none'; object-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'",
))
.insert_header((actix_web::http::header::REFERRER_POLICY, "same-origin"))
.insert_header((actix_web::http::header::X_XSS_PROTECTION, "1; mode=block"));
response
}
edit in src/pages/index.rs at line 3

[3.138]

[2.1368]

use crate::pages::insert_security_headers;
replacement in src/pages/index.rs at line 15

[3.515]→[3.298:332](∅→∅),[3.298]→[3.298:332](∅→∅)

HttpResponse::Ok().body(body)

[3.515]

[3.332]

insert_security_headers(HttpResponse::Ok()).body(body)