fix: Add CSRF protection

2026-05-26 20:49:55 +00:00 · 2026-03-03 14:30:16 -05:00
parent d13801e976
commit 07a935f625
3 changed files with 18 additions and 0 deletions
@@ -35,6 +35,7 @@ tower-http.workspace = true
 serde.workspace = true
 memory-serve = "2.1.0"
 validator = { version = "0.20.0", features = ["derive"] }
+tower-sec-fetch = { version = "0.1.2", features = ["tracing"] }

 [build-dependencies]
 memory-serve = "2.1.0"
@@ -6,6 +6,7 @@ use axum::{
 };
 use conduwuit_service::state;
 use tower_http::set_header::SetResponseHeaderLayer;
+use tower_sec_fetch::SecFetchLayer;

 mod pages;

@@ -60,4 +61,7 @@ pub fn build() -> Router<state::State> {
 			header::CONTENT_SECURITY_POLICY,
 			HeaderValue::from_static("default-src 'self'; img-src 'self' data:;"),
 		))
+		.layer(SecFetchLayer::new(|policy| {
+			policy.allow_safe_methods().reject_missing_metadata();
+		}))
 }