OWIN Web API server

OwinWebApiServerModule

Use the OwinWebApiServerModule to configure the HTTP/HTTPS endpoint that Snow Inventory Server opens.

To add security header information to the server response, use the settings SecurityHeaders and SecurityPolicy. The examples below show the default values for the settings.

Example 21.

This shows an example of the SecurityHeaders.

<Module typeName="OwinWebApiServerModule">
  <Setter propertyName="SecurityHeaders">
		{
		  "X-Content-Type-Option": "nosniff",
		  "Strict-Transport-Security": "max-age=0; includeSubDomains; preload",
		  "X-XSS-Protection": "0"
		}
  </Setter>
</Module>

Example 22.

This shows an example of the SecurityPolicy.

<Module typeName="OwinWebApiServerModule">
  <Setter propertyName="SecurityPolicy">
		[
		"img-src 'self' data:", 
		"style-src 'self' https://self 'unsafe-inline'", 
		"script-src 'self' https://self 'unsafe-inline'"
		]
  </Setter>
</Module>

Note

The settings SecurityHeaders and SecurityPolicy have different JSON formats because they are provided by the server differently.

In this section:

OWIN Web API server

OwinWebApiServerModule

Note

Search results