Platform Explorer / Nuxeo Platform 2021.59

Component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib

Resolution Order

612
The resolution order represents the order in which this component has been resolved by the Nuxeo Runtime framework.
You can influence this order by adding "require" tags in your component declaration, to make sure it is resolved after another component.

Contributions

XML Source

<?xml version="1.0"?>
<component name="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib">

  <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"
    point="filterConfig">

    <filterConfig name="cachednxfile" transactional="false" synchonize="false" cached="true" private="true" cacheTime="31536000">
      <!-- if url contains doc changeToken: approximately one year -->
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxfile/.*\\?.*changeToken=.+</pattern>
    </filterConfig>
    <filterConfig name="nxfile" transactional="false" synchonize="false" cached="true" private="true" cacheTime="0">
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxfile/.*</pattern>
    </filterConfig>
    <filterConfig name="BigFileDownloaderRequest" cached="true" private="true"
      transactional="false" synchonize="false">
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxbigfile/.*</pattern>
    </filterConfig>

    <filterConfig name="BigZipFileDownloaderRequest" cached="true" private="true"
      transactional="true" synchonize="true">
      <pattern>${org.nuxeo.ecm.contextPath}/nxbigzipfile/.*</pattern>
    </filterConfig>

    <filterConfig name="img" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/img.*</pattern>
    </filterConfig>

    <filterConfig name="icons" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/icons.*</pattern>
    </filterConfig>

    <filterConfig name="js" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/js.*</pattern>
    </filterConfig>

    <filterConfig name="scripts" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/scripts.*</pattern>
    </filterConfig>

    <filterConfig name="waitdialog" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/waitdialog.*</pattern>
    </filterConfig>

    <filterConfig name="cachedBPR" cached="true" private="true" cacheTime="31536000" transactional="true">
      <!-- if url contains doc changeToken: approximately one year -->
      <pattern>${org.nuxeo.ecm.contextPath}/.*/@(blob|preview|rendition).*\\?.*changeToken=.+</pattern>
    </filterConfig>

    <filterConfig name="BPR" cached="true" private="true" cacheTime="0" transactional="true">
      <pattern>${org.nuxeo.ecm.contextPath}/.*/@(blob|preview|rendition).*</pattern>
    </filterConfig>

    <filterConfig name="nxadmin" cached="false" private="true">
      <pattern>${org.nuxeo.ecm.contextPath}/nxadmin/.*</pattern>
    </filterConfig>

  </extension>

  <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"
    point="responseHeaders">
    <header name="X-UA-Compatible">IE=10; IE=11</header>
    <header name="Cache-Control">no-cache</header>
    <header name="X-Content-Type-Options">nosniff</header>
    <header name="X-XSS-Protection">1; mode=block</header>
    <header name="X-Frame-Options">${nuxeo.frame.options:=SAMEORIGIN}</header>
    <header name="Referrer-Policy">${nuxeo.referrer.policy:=strict-origin-when-cross-origin}</header>
    <!-- this is a permissive Content-Security-Policy, which should be configured for more security -->
    <header name="Content-Security-Policy">${nuxeo.content.security.policy:=img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *}</header>
  </extension>

</component>