Middleware & Security
Runique includes configurable security middlewares automatically applied in the optimal order through the slot system.
| Module | Description |
|---|---|
| CSRF Protection | Token, Double Submit Cookie, AJAX |
| Content Security Policy | Nonce, profiles, headers |
| Sessions | Store, durations, access in handlers |
| Hosts & Cache | Allowed Hosts, Cache-Control, security headers |
| Builder & Configuration | Classic Builder, Intelligent Builder, environment variables |
| Rate Limiting | Per-IP, per-route rate limiting, configurable |
| Login Required | Route protection — redirects if not authenticated |
Execution Stack
Incoming request
↓
1. Extensions (slot 0) → Inject Engine, Tera, Config
2. ErrorHandler (slot 10) → Capture and render errors
3. Custom (slot 20+) → Your custom middlewares
4. CSP (slot 30) → Content Security Policy & headers
5. Cache (slot 40) → No-cache in development
6. Session (slot 50) → Session management
7. CSRF (slot 60) → Cross-Site Request Forgery protection
8. Host (slot 70) → Allowed host validation
↓
Handler (your code)