24 lines
787 B
Rust
24 lines
787 B
Rust
use crate::IntoHeader;
|
|
use http::header::{HeaderName, InvalidHeaderValue};
|
|
use http::HeaderValue;
|
|
|
|
/// `XXSSProtection` disables browsers' buggy cross-site scripting filter by setting the `X-XSS-Protection` header to `0`.
|
|
/// See [discussion about disabling the header here](https://github.com/helmetjs/helmet/issues/230) and [documentation on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection).
|
|
pub struct XXSSProtection;
|
|
|
|
impl Default for XXSSProtection {
|
|
fn default() -> Self {
|
|
XXSSProtection
|
|
}
|
|
}
|
|
|
|
impl IntoHeader for XXSSProtection {
|
|
fn header_name(&self) -> HeaderName {
|
|
http::header::X_XSS_PROTECTION
|
|
}
|
|
|
|
fn header_value(&self) -> Result<HeaderValue, InvalidHeaderValue> {
|
|
HeaderValue::from_str("0")
|
|
}
|
|
}
|