|
static String
|
_self
public static final java.lang.String _self = "/config/security/token"
-
|
|
static String
|
csrfGlobalPostLoginFallback
public static final java.lang.String csrfGlobalPostLoginFallback = "/config/security/token/csrfGlobalPostLoginFallback"
-
Fallback URI when CSRF protection is enabled. After successful login, user will be redirected to this
uri. Default is "/"
|
|
static String
|
enableCsrfProtection
public static final java.lang.String enableCsrfProtection = "/config/security/token/enableCsrfProtection"
-
Key to determine whether cross site request forgery protection should be enabled and at what level.
Default value is "", which means that this protection is disabled. Valid values are
"" (disabled), "REQUEST" (token generation is automatic, but requires using CSRF
API), and "REQUEST_RESPONSE" (transparent rewriting of responses to include CSRF token,
requires zero.acf dependency)
|
|
static String
|
enableStrongCsrfProtection
public static final java.lang.String enableStrongCsrfProtection = "/config/security/token/enableStrongCsrfProtection"
-
Enables stronger support for CSRF protection than what is provided by default. Note requires some
additional configuration by the application developer so please read the Developer's Guide for more
information.
Default is false.
|
|
static String
|
securedCookie
public static final java.lang.String securedCookie = "/config/security/token/securedCookie"
-
Boolean flag to determine whether security cookie should be marked as secured (HTTPs only) or not
Default false
|
|
static String
|
tokenType
public static final java.lang.String tokenType = "/config/security/token/tokenType"
-
The token type generated and validated by the runtime for secured resources. Default is Simple.
|