Versions Compared

Old Version 14

changes.mady.by.user verena.franz-milz

Saved on

compared with

New Version 15

changes.mady.by.user Armin Franke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Parent

Configuration

Required

Default

Type

Description

tia.destinations.saphttp

host

(tick)

 

String

Hostname of the server with the content server

tia.destinations.saphttp

port

(tick)

 

Integer

Port of the content server usually 80 or 443

tia.destinations.saphttp

protocol

 

https

String

Protocol of the content server http or https

tia.destinations.saphttp

path

 

/contentserver

String

Context Path of the content server usually /contentserver.

tia

repositoryinstancemapping

tia Viewer maps repositories to instance default, that are not explicitly mapped here.

List<String>

Relevant in CSV configuration, seehttps://kgs-software.atlassian.net/wiki/spaces/WIKI/pages/3246620679/Supported+Scenarios+Vc#Content-Server-Viewer-(CSV).

This parameter allows to map repositories to instances that can be configured separately. For more information see Instance settings .

Example in YAML configuration file:

Code Block
tia:
  repositoryinstancemapping:
    FI: finance
    HR: finance
    TR: default
    ZI: production

tia

secKey

 ❗

ABC123

String

This default is not intended for production use: Change this value

tia.stamps

locations

 

 

String

Default stamps available to all instances , additional in addition to the instance specific stamps configured values.

Stamp files are supported in the following formats:
JPEG, PNG, BMP, GIF

Configuration allows to enter a folder e.g.:

file:///tmp/stamps/

one or more files:

"file:///tmp/stamps/accept.png, /tmp/stamps_new/declined.jpg"

tia.stamps

cacheSize

 

100

Integer

Max size of Number of slots available in stamps cache entries, i.e. . Each slot can hold one stamp file is one entryof size limited by maxFileSize. If more stamps are present, the oldest ones are removed from cache.

tia.stamps

expireMinutes

 

10

Integer

Lifetime of unused entries in stamp cache in minutes.

tia.stamps

maxFileSize

 

10000000

Integer

Max file size in bytes of each stamp file.

tia.mail

view_mode

 

Popup

String (Enum)

How Triggers how emails are displayed and edited. Available values:

Popup (new window/tab is opened),

Embedded (in current window/tab)

...

Parent

Configuration

Required

Default

Type

Description

spring.security.csp

policy

Code Block
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self' blob:; object-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; worker-src 'self';

String

Content Security Policy. Secure

This setting secures communication between web server and browser against various attacks like XSS, Injection and moreor injections.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

spring.security.cors

allowed-origins

Code Block
http(s)://localhost:<port>

String

CORS Header: Access-Control-Allowed-Origin.

The Browser Accepts accepts resources from the allowed origin only. In the default, it will be created from:

${server.ssl.enabled:false} → if true, HTTPS

${server.address}

${server.port}

May be directly overwritten with

spring.security.cors.allowed-origins:

Allowed values are:

  • * ( Asterisk - from everywhere)

  • <origin> (one absolute URL)

Example:

Code Block
spring.security.cors.allowed-origins: "*"

spring.security.cors

allowed-headers

Code Block
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Cache-Control, Content-Type, Authorization

List<String>

CORS Header: Access-Control-Allowed-Headers.

The Headers, that are allowed by the browser. See:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

Allowed values are:

  • *(Asterisk - all Headers)

  • List<String> (String list, comma seperated)

Example:

Code Block
spring.security.cors.allowed-headers: "*"

spring.security.cors

allowed-headers

Code Block
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Cache-Control, Content-Type, Authorization

List<String>

CORS Header: Access-Control-Allowed-Headers.

The Headers, that are allowed by the browser. See:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

Allowed values are:

  • *(Asterisk - all Headers)

  • List<String> (String list, comma seperated)

Example:

Code Block
spring.security.cors.allowed-headers: "*"

spring.security.cors

allow-credentials

true

Boolean

CORS Header: Access-Control-Allow-Credentials.

Tell the browser, whether it allowes cross-origin request credentials or not (credentials may be in cookies etc.)

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials

Example:

Code Block
tia.security.cors.allowe-credentials: false

spring.security.cors

allow-x-frame-options-from

DENY

String(Enum)

CORS Header: X-Frame-Options.

Tells the browser if it accept the content of the viewer when its embedded in an IFrame.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Info

Hint: This flag is obsolete when using CSP

Code Block
frame-ancestor

Allowed values are:

  • * (Allow from everywhere)

  • DENY

  • SAMEORIGIN

  • ALLOW-FROM XXXXXX (http-address [origin])

Example:

Code Block
spring.security.cors.allow-x-frame-options-from: "*"

spring.security.xss

mode

disabled

String (Enum)

Cross-Site Protection Header.

Note

Should not be set in Production.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Allowed values are:

  • block mode

  • block

  • disabled

Example:

Code Block
spring.security.xss.mode: block-mode

...