M Cargo.toml => Cargo.toml +1 -1
@@ 96,7 96,7 @@ tracing = { version = "0.1.34", features = [] }
tracing-tree = "0.2.1"
tracing-log = "0.1.3"
tracing-subscriber = { version = "0.3.11", features = ["env-filter", "json"] }
-tower-http = { version = "0.3.3", features = ["trace", "cors", "catch-panic"] }
+tower-http = { version = "0.3.3", features = ["trace", "cors", "catch-panic", "sensitive-headers"] }
tower = { version = "0.4.12", features = ["tracing"] }
webauthn = { version = "0.4.5", package = "webauthn-rs", features = ["danger-allow-state-serialisation"], optional = true }
[dependencies.tokio]
M src/main.rs => src/main.rs +7 -1
@@ 229,7 229,13 @@ async fn compose_kittybox(
.route("/.kittybox/coffee", teapot_route())
.nest("/.kittybox/micropub/client", kittybox::companion::router())
.layer(tower_http::trace::TraceLayer::new_for_http())
- .layer(tower_http::catch_panic::CatchPanicLayer::new());
+ .layer(tower_http::catch_panic::CatchPanicLayer::new())
+ .layer(tower_http::sensitive_headers::SetSensitiveHeadersLayer::new([
+ axum::http::header::AUTHORIZATION,
+ // Not used yet, but will be eventually
+ axum::http::header::COOKIE,
+ axum::http::header::SET_COOKIE,
+ ]));
(router, task)
}