Skip to main content

OWIN Web API server


Use the OwinWebApiServerModule to configure the HTTP/HTTPS endpoint that Snow Inventory Server opens.

To add security header information to the server response, use the settings SecurityHeaders and SecurityPolicy. The examples below show the default values for the settings.

Example 21.

This shows an example of the SecurityHeaders.

<Module typeName="OwinWebApiServerModule">
  <Setter propertyName="SecurityHeaders">
		  "X-Content-Type-Option": "nosniff",
		  "Strict-Transport-Security": "max-age=0; includeSubDomains; preload",
		  "X-XSS-Protection": "0"

Example 22.

This shows an example of the SecurityPolicy.

<Module typeName="OwinWebApiServerModule">
  <Setter propertyName="SecurityPolicy">
		"img-src 'self' data:", 
		"style-src 'self' https://self 'unsafe-inline'", 
		"script-src 'self' https://self 'unsafe-inline'"


The settings SecurityHeaders and SecurityPolicy have different JSON formats because they are provided by the server differently.