fleet/ee/vulnerability-dashboard/config/security.js
Eric b1945b2128
Add fleet-vulnerability-dashboard repo to ee/ folder (#17428)
Closes: https://github.com/fleetdm/confidential/issues/4057

Changes:
- Added the contents of the fleet-vulnerability-dashboard repo to
ee/vulnerability-dashboard
- Added a github workflow to deploy the vulnerability dashboard on
Heroku
- Added a github workflow to test changes to the vulnerability-dashboard
- Updated the website's custom configuration to enable
auto-approvals/review requests to files in the
ee/vulnerability-dashboard folder
2024-03-13 13:06:11 -05:00


/**
* Security Settings
* (sails.config.security)
*
* These settings affect aspects of your app's security, such
* as how it deals with cross-origin requests (CORS) and which
* routes require a CSRF token to be included with the request.
*
* For an overview of how Sails handles security, see:
* https://sailsjs.com/documentation/concepts/security
*
* For additional options and more information, see:
* https://sailsjs.com/config/security
*/
// Security configuration exported as `sails.config.security`. The only
// setting this file turns on is CSRF protection; the CORS block below is a
// commented-out template and has no effect as written.
module.exports.security = {
/***************************************************************************
*
* CORS (cross-origin resource sharing) relaxes the browser's same-origin
* policy for the origins you list, so that responses from your Sails app
* hosted on one domain (e.g. example.com) can be read by client-side
* JavaScript on a page you trust hosted on _some other_ domain
* (e.g. trustedsite.net).
*
* The `cors` block below is commented out, so this file sets no CORS
* options and the framework's defaults apply.
*
* NOTE(review): the template uses `allowOrigins: '*'`. If this block is
* ever enabled, list the exact trusted origins instead of the wildcard,
* keep `allRoutes: false` so routes opt in individually, and do not
* combine a wildcard origin with `allowCredentials: true`: together they
* would let a page on any site read responses made with the user's cookies.
*
* For additional options and more information, see:
* https://sailsjs.com/docs/concepts/security/cors
*
***************************************************************************/
// cors: {
// allRoutes: false,
// allowOrigins: '*',
// allowCredentials: false,
// },
/****************************************************************************
*
* CSRF protection is enabled for the whole application. Requests to
* protected routes must include a valid CSRF token or they are rejected
* (see the link below for which requests are covered and how clients
* obtain the token).
*
* NOTE(review): keep this set to `true`. Any route that is exempted from
* CSRF checks elsewhere in the app's configuration should be one that does
* not rely on the browser's session cookie for authentication; confirm
* each exemption against the routes config.
*
* For more information, see:
* https://sailsjs.com/docs/concepts/security/csrf
*
****************************************************************************/
csrf: true
};