sjg/trx-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[feat](trx-frontend-http): add security headers and real IP logging

Browse Source 
Add CORS, referrer policy, and content-type security headers.
Configure logger to track real client IP in reverse-proxy setups
via Forwarded / X-Forwarded-For / X-Real-IP headers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stanislaw Grams <sjg@haxx.space>
This commit is contained in:
Stan Grams
2026-02-20 23:03:17 +01:00
parent 0de1d1bd6b
commit 73e57d1cf1
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/trx-client/trx-frontend/trx-frontend-http/src/server.rs
+14 -2
View File
@@ -17,7 +17,10 @@ use std::sync::Arc;
use std::time::Duration; use std::time::Duration;
use actix_web::dev::Server; use actix_web::dev::Server;
use actix_web::{web, App, HttpServer, middleware::Logger}; use actix_web::{
middleware::{DefaultHeaders, Logger},
web, App, HttpServer,
};
use tokio::signal; use tokio::signal;
use tokio::sync::{mpsc, watch}; use tokio::sync::{mpsc, watch};
use tokio::task::JoinHandle; use tokio::task::JoinHandle;
@@ -117,7 +120,16 @@ fn build_server(
.app_data(clients.clone()) .app_data(clients.clone())
.app_data(context_data.clone()) .app_data(context_data.clone())
.app_data(auth_state.clone()) .app_data(auth_state.clone())
.wrap(Logger::default()) .wrap(
DefaultHeaders::new()
.add(("Referrer-Policy", "same-origin"))
.add(("Cross-Origin-Resource-Policy", "same-origin"))
.add(("Cross-Origin-Opener-Policy", "same-origin"))
.add(("X-Content-Type-Options", "nosniff")),
)
// Use "real IP" so reverse-proxy setups can pass client address
// via Forwarded / X-Forwarded-For / X-Real-IP headers.
.wrap(Logger::new(r#"%{r}a "%r" %s %b "%{Referer}i" "%{User-Agent}i" %T"#))
.wrap(auth::AuthMiddleware) .wrap(auth::AuthMiddleware)
.configure(api::configure) .configure(api::configure)
}) })