Skip to content

Commit af8754e

Browse files
wojcik91wojcik91
committed
review fixes
1 parent 5ed0b3e commit af8754e

2 files changed

Lines changed: 21 additions & 8 deletions

File tree

src/config.rs

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,14 @@ fn default_adoption_timeout() -> u64 {
2828
10
2929
}
3030

31+
fn default_rate_limit_per_second() -> u64 {
32+
10
33+
}
34+
35+
fn default_rate_limit_burst() -> u32 {
36+
100
37+
}
38+
3139
#[derive(Parser, Debug, Deserialize, Clone)]
3240
#[command(version)]
3341
pub struct EnvConfig {
@@ -51,11 +59,11 @@ pub struct EnvConfig {
5159
pub log_level: LevelFilter,
5260

5361
#[arg(long, env = "DEFGUARD_PROXY_RATELIMIT_PERSECOND", default_value_t = 10)]
54-
#[serde(default)]
62+
#[serde(default = "default_rate_limit_per_second")]
5563
pub rate_limit_per_second: u64,
5664

5765
#[arg(long, env = "DEFGUARD_PROXY_RATELIMIT_BURST", default_value_t = 100)]
58-
#[serde(default)]
66+
#[serde(default = "default_rate_limit_burst")]
5967
pub rate_limit_burst: u32,
6068

6169
/// Configuration file path

src/http.rs

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -249,7 +249,7 @@ async fn security_headers_middleware(
249249
if tls {
250250
headers.insert(
251251
header::STRICT_TRANSPORT_SECURITY,
252-
HeaderValue::from_static("max-age=31536000; includeSubDomains"),
252+
HeaderValue::from_static("max-age=31536000"),
253253
);
254254
}
255255

@@ -557,6 +557,9 @@ pub async fn run_server(
557557
};
558558

559559
// Build axum app
560+
// Capture a clone for security_headers_middleware which must be applied *outside*
561+
// TimeoutLayer so that 408 timeout responses also carry the security headers.
562+
let security_headers_state = shared_state.clone();
560563
let mut app = Router::new()
561564
.route("/", get(index))
562565
.route("/{*path}", get(index))
@@ -579,20 +582,22 @@ pub async fn run_server(
579582
shared_state.clone(),
580583
ensure_configured,
581584
))
582-
.layer(middleware::from_fn_with_state(
583-
shared_state.clone(),
584-
security_headers_middleware,
585-
))
586585
.layer(middleware::from_fn_with_state(
587586
shared_state.clone(),
588587
core_version_middleware,
589588
))
590-
.layer(DefguardVersionLayer::new(Version::parse(VERSION)?))
591589
.layer(TimeoutLayer::with_status_code(
592590
StatusCode::REQUEST_TIMEOUT,
593591
REQUEST_TIMEOUT,
594592
))
595593
.with_state(shared_state)
594+
// security_headers_middleware and DefguardVersionLayer are applied outside
595+
// TimeoutLayer so that 408 responses also receive security headers.
596+
.layer(middleware::from_fn_with_state(
597+
security_headers_state,
598+
security_headers_middleware,
599+
))
600+
.layer(DefguardVersionLayer::new(Version::parse(VERSION)?))
596601
.layer(
597602
TraceLayer::new_for_http()
598603
.make_span_with(|request: &Request<Body>| {

0 commit comments

Comments
 (0)