Web Security

Description of flags related to your node's web security

Access Control Allow Origins


Type: String[]

Default: ["*"]

Accepts a comma-separated lists of origin domains that will be allowed as the Access-Control-Allow-Origin HTTP header. Defaults to * if not set which allows all origin domains.

Secure Header Development


Type: Boolean

Default: true

If set, runs our secure header middleware in development mode, which disables some of the options. The default is true to make it easy to run a node locally. See https://github.com/unrolled/secure for more info.

Secure Header Allow Hosts


Type: String[]

Default: [],

This is the domain that our secure middleware will accept requests from. We also set the HTTP Access-Control-Allow-Origin

Last updated