Module tower_http::sensitive_headers
source · Available on crate feature
sensitive-headers
only.Expand description
Middlewares that mark headers as sensitive.
Example
use tower_http::sensitive_headers::SetSensitiveHeadersLayer;
use tower::{Service, ServiceExt, ServiceBuilder, service_fn};
use http::{Request, Response, header::AUTHORIZATION};
use hyper::Body;
use std::{iter::once, convert::Infallible};
async fn handle(req: Request<Body>) -> Result<Response<Body>, Infallible> {
// ...
}
let mut service = ServiceBuilder::new()
// Mark the `Authorization` header as sensitive so it doesn't show in logs
//
// `SetSensitiveHeadersLayer` will mark the header as sensitive on both the
// request and response.
//
// The middleware is constructed from an iterator of headers to easily mark
// multiple headers at once.
.layer(SetSensitiveHeadersLayer::new(once(AUTHORIZATION)))
.service(service_fn(handle));
// Call the service.
let response = service
.ready()
.await?
.call(Request::new(Body::empty()))
.await?;
Its important to think about the order in which requests and responses arrive at your
middleware. For example to hide headers both on requests and responses when using
TraceLayer
you have to apply SetSensitiveRequestHeadersLayer
before TraceLayer
and SetSensitiveResponseHeadersLayer
afterwards.
use tower_http::{
trace::TraceLayer,
sensitive_headers::{
SetSensitiveRequestHeadersLayer,
SetSensitiveResponseHeadersLayer,
},
};
use tower::{Service, ServiceExt, ServiceBuilder, service_fn};
use http::header;
use std::sync::Arc;
let headers: Arc<[_]> = Arc::new([
header::AUTHORIZATION,
header::PROXY_AUTHORIZATION,
header::COOKIE,
header::SET_COOKIE,
]);
let service = ServiceBuilder::new()
.layer(SetSensitiveRequestHeadersLayer::from_shared(Arc::clone(&headers)))
.layer(TraceLayer::new_for_http())
.layer(SetSensitiveResponseHeadersLayer::from_shared(headers))
.service_fn(handle);
Structs
Mark headers as sensitive on both requests and responses.
Mark request headers as sensitive.
Mark request headers as sensitive.
Mark response headers as sensitive.
Mark response headers as sensitive.
Response future for
SetSensitiveResponseHeaders
.Type Definitions
Mark headers as sensitive on both requests and responses.