Platform Explorer / Nuxeo Platform LTS 2017 9.10

Component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib

In bundle org.nuxeo.ecm.platform.web.common

Contributions

XML Source

<?xml version="1.0"?>
<component name="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib">

  <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"
    point="filterConfig">

    <filterConfig name="nxfile" transactional="false" synchonize="false">
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxfile/.*</pattern>
    </filterConfig>
    <filterConfig name="BigFileDownloaderRequest" cached="true" private="true"
      transactional="false" synchonize="false">
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxbigfile/.*</pattern>
    </filterConfig>

    <filterConfig name="BigZipFileDownloaderRequest" cached="true" private="true"
      transactional="true" synchonize="true">
      <pattern>${org.nuxeo.ecm.contextPath}/nxbigzipfile/.*</pattern>
    </filterConfig>

    <filterConfig name="img" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/img.*</pattern>
    </filterConfig>

    <filterConfig name="icons" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/icons.*</pattern>
    </filterConfig>

    <filterConfig name="js" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/js.*</pattern>
    </filterConfig>

    <filterConfig name="scripts" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/scripts.*</pattern>
    </filterConfig>

    <filterConfig name="waitdialog" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/waitdialog.*</pattern>
    </filterConfig>

  </extension>

  <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"
    point="responseHeaders">
    <header name="X-UA-Compatible">IE=10; IE=11</header>
    <header name="Cache-Control">no-cache, no-store, must-revalidate</header>
    <header name="X-Content-Type-Options">nosniff</header>
    <header name="X-XSS-Protection">1; mode=block</header>
    <header name="X-Frame-Options">${nuxeo.frame.options:=SAMEORIGIN}</header>
    <!-- this is a permissive Content-Security-Policy, which should be overridden for more security -->
    <header name="Content-Security-Policy">img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
  </extension>

</component>