Ask or search…

Web Security

Description of flags related to your node's web security

Access Control Allow Origins

Type: String[]
Default: ["*"]
Accepts a comma-separated lists of origin domains that will be allowed as the Access-Control-Allow-Origin HTTP header. Defaults to * if not set which allows all origin domains.

Secure Header Development

Type: Boolean
Default: true
If set, runs our secure header middleware in development mode, which disables some of the options. The default is true to make it easy to run a node locally. See for more info.

Secure Header Allow Hosts

Type: String[]
Default: [],
This is the domain that our secure middleware will accept requests from. We also set the HTTP Access-Control-Allow-Origin

Last modified 1yr ago