OWIN Web API server
OwinWebApiServerModule
Use the OwinWebApiServerModule to configure the HTTP/HTTPS endpoint that Snow Inventory Server opens.
To add security header information to the server response, use the settings SecurityHeaders and SecurityPolicy. The examples below show the default values for the settings.
Example 21.
This shows an example of the SecurityHeaders.
<Module typeName="OwinWebApiServerModule"> <Setter propertyName="SecurityHeaders"> { "X-Content-Type-Option": "nosniff", "Strict-Transport-Security": "max-age=0; includeSubDomains; preload", "X-XSS-Protection": "0" } </Setter> </Module>
Example 22.
This shows an example of the SecurityPolicy.
<Module typeName="OwinWebApiServerModule"> <Setter propertyName="SecurityPolicy"> [ "img-src 'self' data:", "style-src 'self' https://self 'unsafe-inline'", "script-src 'self' https://self 'unsafe-inline'" ] </Setter> </Module>
Note
The settings SecurityHeaders and SecurityPolicy have different JSON formats because they are provided by the server differently.