Middleware & Security
Runique includes configurable security middlewares automatically applied in the optimal order through the slot system.
| Module | Description |
|---|---|
| CSRF Protection | Token, Double Submit Cookie, AJAX |
| Content Security Policy | Nonce, profiles, headers |
| Sessions | Store, durations, access in handlers |
| Hosts & Cache | Allowed Hosts, Cache-Control, security headers |
| Builder & Configuration | Classic Builder, Intelligent Builder, environment variables |
| Rate Limiting | Per-IP, per-route rate limiting, configurable |
| Login Required | Route protection β redirects if not authenticated |
Execution Stack
Incoming request
β
1. Extensions (slot 0) β Inject Engine, Tera, Config
2. ErrorHandler (slot 10) β Capture and render errors
3. Custom (slot 20+) β Your custom middlewares
4. CSP (slot 30) β Content Security Policy & headers
5. Cache (slot 40) β No-cache in development
6. Session (slot 50) β Session management
7. CSRF (slot 60) β Cross-Site Request Forgery protection
8. Host (slot 70) β Allowed host validation
β
Handler (your code)