tower-canonical-redirect

A tower middleware to enforce canonical hosts in HTTP requests. Useful when you want to redirect website users from insecure http connections and/or www subdomains to a single canonical https domain.

The middleware uses framework-agnostic http and futures abstractions, making it compatible with other crates such as hyper, axum, tonic, warp, etc.

Features

• Enables redirecting HTTP requests from any valid host to another, preserving path and query.
• Works behind reverse proxies by parsing Forwarded, X-Forwarded-Proto, X-Forwarded-Host, or custom headers.
• Defaults to 308 Permanent Redirect, but can be configured to use 307 Temporary Redirect for specific origins.

Example

Basic usage with axum:

use tower_canonical_redirect::CanonicalRedirectLayer;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>>
{
	let mut router = axum::Router::new()
		.route("/", axum::routing::get(async || "Hello world"));

	if let Ok(origin) = std::env::var("CANONICAL_ORIGIN")
	{
		let layer = CanonicalRedirectLayer::new(origin)?;
		router = router.layer(layer);
	}

	let listener = tokio::net::TcpListener::bind("127.0.0.1:8000").await?;
	axum::serve(listener, router).await?;

	Ok(())
}

Using the builder API:

let layer = CanonicalRedirectLayer::builder("https://example.com")
	.proto_header("X-Custom-Proto")
	.host_header("X-Custom-Host")
	.temporary_origin("http://www.example.com")
	.temporary_origin("https://www.example.com")
	.build()
	.unwrap();

License

All code in this repository is free and open source software distributed under the terms of either license, at your option:

• MIT
• Apache 2.0