This commit is contained in:
Andras Schmelczer 2026-07-03 18:39:34 +01:00
parent 1ee796b282
commit ab688243d7
36 changed files with 307 additions and 135 deletions

View file

@ -125,12 +125,7 @@ async fn static_cache_headers(
response
}
/// Add baseline security headers to every response. These are deliberately the
/// low-risk, broadly-compatible set: a Content-Security-Policy and
/// Permissions-Policy are intentionally left out because this app loads many
/// cross-origin resources (maplibre/deck.gl, Stripe, Google Street View,
/// analytics, the error sink) and a mis-scoped policy would break the map or
/// checkout. They should be added later as report-only first.
async fn security_headers(
request: axum::extract::Request,
next: middleware::Next,