Middleware & Security

Runique includes configurable security middlewares automatically applied in the optimal order through the slot system.

Dans cette page

Module	Description
CSRF Protection	Token, Double Submit Cookie, AJAX
Content Security Policy	Nonce, profiles, headers
Sessions	Store, durations, access in handlers
Hosts & Cache	Allowed Hosts, Cache-Control, security headers
Builder & Configuration	Classic Builder, Intelligent Builder, environment variables
Rate Limiting	Per-IP, per-route rate limiting, configurable

Execution Stack

Incoming request
↓
1. Extensions (slot 0)     → Inject Engine, Tera, Config
2. ErrorHandler (slot 10)  → Capture and render errors
3. Custom (slot 20+)       → Your custom middlewares
4. CSP (slot 30)           → Content Security Policy & headers
5. Cache (slot 40)         → No-cache in development
6. Session (slot 50)       → Session management
7. CSRF (slot 60)          → Cross-Site Request Forgery protection
8. Host (slot 70)          → Allowed host validation
   ↓
   Handler (your code)