security.json
{
"csrf": {
"enabled": false,
"key": "_csrf",
"secret": "_csrfSecret"
},
"csp": {
"enabled": false,
"policy": {
"default-src": "'self'"
}
},
"p3p": {
"enabled": false,
"value": ""
},
"hsts": {
"enabled": false,
"maxAge": 31536000,
"includeSubDomains": true
},
"xframe": {
"enabled": false,
"value": "SAMEORIGIN"
},
"xss": {
"enabled": false,
"mode": "block"
},
"cors": {
"enabled": true,
"origin": "*",
"expose": [
"WWW-Authenticate",
"Server-Authorization"
],
"maxAge": 31536000,
"credentials": true,
"methods": [
"GET",
"POST",
"PUT",
"PATCH",
"DELETE",
"OPTIONS",
"HEAD"
],
"headers": [
"Content-Type",
"Authorization",
"X-Frame-Options",
"Origin"
]
},
"ip": {
"enabled": false,
"whiteList": [],
"blackList": []
}
}