coder-rust-tower-http by ozerohax/assistagents

<skill_overview> Apply reusable HTTP middleware with tower-http safely Adding request/response tracing Configuring CORS Enabling compression or timeouts Propagating request IDs tower-http GitHub tower-http Docs </skill_overview> <layer_selection> Enable only required tower-http features in Cargo.toml Prefer TraceLayer for request spans and latency Use CorsLayer for browser-facing APIs Use TimeoutLayer for external calls and slow handlers </layer_selection> Set request IDs early, propagate later Place tracing outside of compression for full visibility Keep security layers (CORS) near the edge <request_ids> Use SetRequestIdLayer + PropagateRequestIdLayer Use a consistent header name (X-Request-Id) </request_ids> Do not use permissive CORS in production Whitelist origins, methods, and headers explicitly Align allow_credentials with specific origins Enable compression only for sizable responses Avoid compressing already compressed formats <anti_patterns> Avoid CorsLayer::permissive in prod Avoid stacking multiple timeouts Avoid logging sensitive headers in TraceLayer </anti_patterns>