Parent | Configuration | Required | Default | Type | Description |
---|---|---|---|---|---|
|
|
| Integer | Port tia Viewer is listening to. | |
|
|
| String | Hostname of the server with the content server | |
|
|
| Integer | Port of the content server usually | |
|
|
|
| String | Protocol of the content server |
|
|
|
| String | Context Path of the content server. |
|
| tia Viewer maps repositories to instance | List<String> | Relevant in CSV configuration, seehttps://kgs-software.atlassian.net/wiki/spaces/WIKI/pages/3246620679/Supported+Scenarios+Vc#Content-Server-Viewer-(CSV). This parameter allows to map repositories to instances that can be configured separately. For more information see Instance settings . Example in YAML configuration file: tia: repositoryinstancemapping: FI: finance HR: finance TR: default ZI: production | |
|
| ❗ |
| String | This default is not intended for production use: Change this value |
|
|
|
| String | Default stamps available to all instances in addition to the instance specific stamps configured. Stamp files are supported in the following formats: Configuration allows to enter a folder e.g.:
one or more files:
|
|
|
|
| Integer | Number of slots available in stamps cache entries. Each slot can hold one stamp file of size limited by |
|
|
|
| Integer | Lifetime of unused entries in stamp cache in minutes. |
|
|
|
| Integer | Max file size in bytes of each stamp file. |
|
|
|
| String (Enum) | Triggers how emails are displayed and edited. Available values:
|
HTTP Headers configuration
These parameters allow specification of HTTP Header required in web security contexts.
Incorrect settings of these parameters may result in tia Viewer Core not functioning correctly.
Parent | Configuration | Required | Default | Type | Description |
---|---|---|---|---|---|
|
| default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self' blob:; object-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; worker-src 'self'; | String | Content Security Policy. This setting secures communication between web server and browser against various attacks like XSS, or injections. | |
|
| http(s)://localhost:<port> | String | CORS Header: Access-Control-Allowed-Origin. The Browser accepts resources from the allowed origin only. In the default, it will be created from:
May be directly overwritten with
Allowed values are:
Example: spring.security.cors.allowed-origins: "*" | |
|
| Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Cache-Control, Content-Type, Authorization | List<String> | CORS Header: Access-Control-Allowed-Headers. The Headers, that are allowed by the browser. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers Allowed values are:
Example: spring.security.cors.allowed-headers: "*" | |
|
| Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Cache-Control, Content-Type, Authorization | List<String> | CORS Header: Access-Control-Allowed-Headers. The Headers, that are allowed by the browser. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers Allowed values are:
Example: spring.security.cors.allowed-headers: "*" | |
|
|
| Boolean | CORS Header: Access-Control-Allow-Credentials. Tell the browser, whether it allowes cross-origin request credentials or not (credentials may be in cookies etc.) See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials Example: tia.security.cors.allow-credentials: false | |
|
|
| String(Enum) | CORS Header: X-Frame-Options. Tells the browser if it accept the content of the viewer when its embedded in an iFrame. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options Hint: This flag is obsolete when using CSP frame-ancestor Allowed values are:
Example: spring.security.cors.allow-x-frame-options-from: "*" | |
|
|
| String (Enum) | Cross-Site Protection Header. Should not be set in Production. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection Allowed values are:
Example: spring.security.xss.mode: block-mode |