[update] #todo 129741 修正CORS機制,目前origin全允許
待專案上線後確定domain源即可用各環境yml來客製化origin
| | |
|---|
| | | .headers() |
|---|
| | | .contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy()) |
|---|
| | | .and() |
|---|
| | | .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN) |
|---|
| | | .and() |
|---|
| | | .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()") |
|---|
| | | .and() |
|---|
| | | .frameOptions() |
|---|
| | |
|---|
| | | ehcache: # Ehcache configuration |
|---|
| | | time-to-live-seconds: 3600 # By default objects stay 1 hour in the cache |
|---|
| | | max-entries: 100 # Number of objects in each cache entry |
|---|
| | | # CORS is only enabled by default with the "dev" profile |
|---|
| | | cors: |
|---|
| | | # Allow Ionic for JHipster by default (* no longer allowed in Spring Boot 2.4+) |
|---|
| | | allowed-origins: 'http://localhost:8100,https://localhost:8100,http://localhost:9000,https://localhost:9000' |
|---|
| | | allowed-methods: '*' |
|---|
| | | allowed-headers: '*' |
|---|
| | | exposed-headers: 'Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params' |
|---|
| | | allow-credentials: true |
|---|
| | | max-age: 1800 |
|---|
| | | # cors: |
|---|
| | | # # Allow Ionic for JHipster by default (* no longer allowed in Spring Boot 2.4+) |
|---|
| | | # allowed-origins: 'http://localhost:8100,https://localhost:8100,http://localhost:9000,https://localhost:9000' |
|---|
| | | # allowed-methods: '*' |
|---|
| | | # allowed-headers: '*' |
|---|
| | | # exposed-headers: 'Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params' |
|---|
| | | # allow-credentials: true |
|---|
| | | # max-age: 1800 |
|---|
| | | security: |
|---|
| | | authentication: |
|---|
| | | jwt: |
|---|
| | |
|---|
| | | clientApp: |
|---|
| | | name: 'pamapiApp' |
|---|
| | | # By default CORS is disabled. Uncomment to enable. |
|---|
| | | # cors: |
|---|
| | | # allowed-origins: "http://localhost:8100,http://localhost:9000" |
|---|
| | | # allowed-methods: "*" |
|---|
| | | # allowed-headers: "*" |
|---|
| | | # exposed-headers: "Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params" |
|---|
| | | # allow-credentials: true |
|---|
| | | # max-age: 1800 |
|---|
| | | # 由於此專案是 Nuxt的SSR 與 Spring boot 的雙專案,因此會有origin來自nuxt,但api打的是spring boot的CORS問題,目前origins暫時開成全來源 |
|---|
| | | cors: |
|---|
| | | allowed-origin-patterns: "*" |
|---|
| | | allowed-methods: "*" |
|---|
| | | allowed-headers: "*" |
|---|
| | | exposed-headers: "Authorization,Link,X-Total-Count,X-${jhipster.clientApp.name}-alert,X-${jhipster.clientApp.name}-error,X-${jhipster.clientApp.name}-params" |
|---|
| | | allow-credentials: true |
|---|
| | | max-age: 1800 |
|---|
| | | mail: |
|---|
| | | from: pamapi@localhost |
|---|
| | | api-docs: |
|---|
