...
Parent | Configuration | Required | Default | Type | Description | ||
|---|---|---|---|---|---|---|---|
|
|
| Integer | Port tia Viewer is listening to. | |||
|
|
| String | Path in container context containing the license file. This path or the license file must be mapped from permanent host file system. See Location of the license file (Vc) . | |||
|
|
|
| String | Hostname of the server with the content server | ||
|
|
|
| Integer | Port of the content server usually | ||
|
|
|
| String | Protocol of the content server | ||
|
|
|
| String | Context Path of the content server. | ||
|
| tia Viewer maps repositories to instance | List<String> | Relevant in CSV configuration, seehttps://kgs-software.atlassian.net/wiki/spaces/WIKI/pages/3246620679/Supported+Scenarios+Vc#Content-Server-Viewer-(CSV). This parameter allows to map repositories to instances that can be configured separately. For more information see Instance settings . Example in YAML configuration file:
| |||
|
| ❗ |
| String | This default is not intended for production use: Change this value | ||
|
|
|
| String | Default stamps available to all instances in addition to the instance specific stamps configured. Stamp files are supported in the following formats: Configuration allows to enter a folder e.g.:
one or more files:
| ||
|
|
|
| Integer | Number of slots available in stamps cache entries. Each slot can hold one stamp file of size limited by | ||
|
|
|
| Integer | Lifetime of unused entries in stamp cache in minutes. | ||
|
|
|
| Integer | Max file size in bytes of each stamp file. | ||
|
|
|
| String (Enum) | Triggers how emails are displayed and edited. Available values:
|
HTTP Headers configuration
These parameters allow specification of HTTP Header required in web security contexts.
| Info |
|---|
Incorrect settings of these parameters may result in tia Viewer Core not functioning correctly. |
...
Parent
...
Configuration
...
Required
...
Default
...
Type
...
Description
...
spring.security.csp
...
policy
| Code Block |
|---|
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://login.microsoftonline.com; frame-src 'self' blob:; object-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self' https://login.microsoftonline.com https://outlook.office.com; base-uri 'self'; manifest-src 'self'; worker-src 'self'; |
...
String
...
Content Security Policy.
This setting secures communication between web server and browser against various attacks like XSS, or injections.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
...
spring.security.cors
...
allowed-origins
...
| Code Block |
|---|
http(s)://localhost:<port> |
...
String
...
CORS Header: Access-Control-Allowed-Origin.
The Browser accepts resources from the allowed origin only. In the default, it will be created from:
${server.ssl.enabled:false} → if true, HTTPS
${server.address}
${server.port}
May be directly overwritten with
spring.security.cors.allowed-origins:
Allowed values are:
*( Asterisk - from everywhere)<origin> (one absolute URL)
Example:
| Code Block |
|---|
spring.security.cors.allowed-origins: "*" |
...
spring.security.cors
...
allowed-headers
...
| Code Block |
|---|
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Cache-Control, Content-Type, Authorization |
...
List<String>
...
CORS Header: Access-Control-Allowed-Headers.
The Headers, that are allowed by the browser. See:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
Allowed values are:
*(Asterisk - all Headers)
List<String> (String list, comma seperated)
Example:
| Code Block |
|---|
spring.security.cors.allowed-headers: "*" |
...
spring.security.cors
...
allowed-headers
...
| Code Block |
|---|
Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Cache-Control, Content-Type, Authorization |
...
List<String>
...
CORS Header: Access-Control-Allowed-Headers.
The Headers, that are allowed by the browser. See:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
Allowed values are:
*(Asterisk - all Headers)
List<String> (String list, comma seperated)
Example:
| Code Block |
|---|
spring.security.cors.allowed-headers: "*" |
...
spring.security.cors
...
allow-credentials
...
true
...
Boolean
...
CORS Header: Access-Control-Allow-Credentials.
Tell the browser, whether it allowes cross-origin request credentials or not (credentials may be in cookies etc.)
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
Example:
| Code Block |
|---|
tia.security.cors.allow-credentials: false |
...
spring.security.cors
...
allow-x-frame-options-from
...
DENY
...
String(Enum)
CORS Header: X-Frame-Options.
Tells the browser if it accept the content of the viewer when its embedded in an iFrame.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
| Info | ||
|---|---|---|
Hint: This flag is obsolete when using CSP
|
Allowed values are:
*(Allow from everywhere)DENYSAMEORIGINALLOW-FROMXXXXXX (http-address [origin])
Example:
| Code Block |
|---|
spring.security.cors.allow-x-frame-options-from: "*" |
...
spring.security.xss
...
mode
...
disabled
...
String (Enum)
Cross-Site Protection Header.
| Note |
|---|
Should not be set in Production. |
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
Allowed values are:
block modeblockdisabled
Example:
| Code Block |
|---|
spring.security.xss.mode: block-mode |