From 7b936bc443d22fca679a1fca72b488adfecee3e6 Mon Sep 17 00:00:00 2001
From: Rob Ede <robjtede@icloud.com>
Date: Mon, 2 Jan 2023 13:33:31 +0000
Subject: [PATCH] add some useful header name constants (#2956)

---
 actix-http/CHANGES.md           |  8 +++++++
 actix-http/src/header/common.rs | 39 +++++++++++++++++++++++++++++++++
 actix-http/src/header/mod.rs    | 35 +++++++++++++++++++----------
 3 files changed, 70 insertions(+), 12 deletions(-)
 create mode 100644 actix-http/src/header/common.rs

diff --git a/actix-http/CHANGES.md b/actix-http/CHANGES.md
index 045ae461f..3c820ccf8 100644
--- a/actix-http/CHANGES.md
+++ b/actix-http/CHANGES.md
@@ -4,12 +4,20 @@
 ### Added
 - Implement `MessageBody` for `&mut B` where `B: MessageBody + Unpin`. [#2868]
 - Implement `MessageBody` for `Pin<B>` where `B::Target: MessageBody`. [#2868]
+- Header name constants in `header` module. [#2956]
+  - `CROSS_ORIGIN_EMBEDDER_POLICY`
+  - `CROSS_ORIGIN_OPENER_POLICY`
+  - `PERMISSIONS_POLICY`
+  - `X_FORWARDED_FOR`
+  - `X_FORWARDED_HOST`
+  - `X_FORWARDED_PROTO`
 
 ### Performance
 - Improve overall performance of operations on `Extensions`. [#2890]
 
 [#2868]: https://github.com/actix/actix-web/pull/2868
 [#2890]: https://github.com/actix/actix-web/pull/2890
+[#2956]: https://github.com/actix/actix-web/pull/2956
 
 
 ## 3.2.2 - 2022-09-11
diff --git a/actix-http/src/header/common.rs b/actix-http/src/header/common.rs
new file mode 100644
index 000000000..52909099a
--- /dev/null
+++ b/actix-http/src/header/common.rs
@@ -0,0 +1,39 @@
+//! Common header names not defined in [`http`].
+//!
+//! Any headers added to this file will need to be re-exported from the list at `crate::headers`.
+
+use http::header::HeaderName;
+
+/// Response header that prevents a document from loading any cross-origin resources that don't
+/// explicitly grant the document permission (using [CORP] or [CORS]).
+///
+/// [CORP]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)
+/// [CORS]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+pub const CROSS_ORIGIN_EMBEDDER_POLICY: HeaderName =
+    HeaderName::from_static("cross-origin-embedder-policy");
+
+/// Response header that allows you to ensure a top-level document does not share a browsing context
+/// group with cross-origin documents.
+pub const CROSS_ORIGIN_OPENER_POLICY: HeaderName =
+    HeaderName::from_static("cross-origin-opener-policy");
+
+/// Response header that conveys a desire that the browser blocks no-cors cross-origin/cross-site
+/// requests to the given resource.
+pub const CROSS_ORIGIN_RESOURCE_POLICY: HeaderName =
+    HeaderName::from_static("cross-origin-resource-policy");
+
+/// Response header that provides a mechanism to allow and deny the use of browser features in a
+/// document or within any `<iframe>` elements in the document.
+pub const PERMISSIONS_POLICY: HeaderName = HeaderName::from_static("permissions-policy");
+
+/// Request header (de-facto standard) for identifying the originating IP address of a client
+/// connecting to a web server through a proxy server.
+pub const X_FORWARDED_FOR: HeaderName = HeaderName::from_static("x-forwarded-for");
+
+/// Request header (de-facto standard) for identifying the original host requested by the client in
+/// the `Host` HTTP request header.
+pub const X_FORWARDED_HOST: HeaderName = HeaderName::from_static("x-forwarded-host");
+
+/// Request header (de-facto standard) for identifying the protocol that a client used to connect to
+/// your proxy or load balancer.
+pub const X_FORWARDED_PROTO: HeaderName = HeaderName::from_static("x-forwarded-proto");
diff --git a/actix-http/src/header/mod.rs b/actix-http/src/header/mod.rs
index 5f352fc12..e2c2fe912 100644
--- a/actix-http/src/header/mod.rs
+++ b/actix-http/src/header/mod.rs
@@ -1,14 +1,18 @@
 //! Pre-defined `HeaderName`s, traits for parsing and conversion, and other header utility methods.
 
+// declaring new header consts will yield this error
+#![allow(clippy::declare_interior_mutable_const)]
+
 use percent_encoding::{AsciiSet, CONTROLS};
 
 // re-export from http except header map related items
-pub use http::header::{
+pub use ::http::header::{
     HeaderName, HeaderValue, InvalidHeaderName, InvalidHeaderValue, ToStrError,
 };
 
-// re-export const header names
-pub use http::header::{
+// re-export const header names, list is explicit so that any updates to `common` module do not
+// conflict with this set
+pub use ::http::header::{
     ACCEPT, ACCEPT_CHARSET, ACCEPT_ENCODING, ACCEPT_LANGUAGE, ACCEPT_RANGES,
     ACCESS_CONTROL_ALLOW_CREDENTIALS, ACCESS_CONTROL_ALLOW_HEADERS,
     ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_EXPOSE_HEADERS,
@@ -30,22 +34,29 @@ pub use http::header::{
 use crate::{error::ParseError, HttpMessage};
 
 mod as_name;
+mod common;
 mod into_pair;
 mod into_value;
 pub mod map;
 mod shared;
 mod utils;
 
-pub use self::as_name::AsHeaderName;
-pub use self::into_pair::TryIntoHeaderPair;
-pub use self::into_value::TryIntoHeaderValue;
-pub use self::map::HeaderMap;
-pub use self::shared::{
-    parse_extended_value, q, Charset, ContentEncoding, ExtendedValue, HttpDate, LanguageTag,
-    Quality, QualityItem,
+pub use self::{
+    as_name::AsHeaderName,
+    into_pair::TryIntoHeaderPair,
+    into_value::TryIntoHeaderValue,
+    map::HeaderMap,
+    shared::{
+        parse_extended_value, q, Charset, ContentEncoding, ExtendedValue, HttpDate,
+        LanguageTag, Quality, QualityItem,
+    },
+    utils::{fmt_comma_delimited, from_comma_delimited, from_one_raw_str, http_percent_encode},
 };
-pub use self::utils::{
-    fmt_comma_delimited, from_comma_delimited, from_one_raw_str, http_percent_encode,
+
+// re-export list is explicit so that any updates to `http` do not conflict with this set
+pub use self::common::{
+    CROSS_ORIGIN_EMBEDDER_POLICY, CROSS_ORIGIN_OPENER_POLICY, CROSS_ORIGIN_RESOURCE_POLICY,
+    PERMISSIONS_POLICY, X_FORWARDED_FOR, X_FORWARDED_HOST, X_FORWARDED_PROTO,
 };
 
 /// An interface for types that already represent a valid header.