Component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib
In bundle org.nuxeo.ecm.platform.web.common
Resolution Order
      603
    
    
      The resolution order represents the order in which this component has been resolved by the Nuxeo Runtime
      framework.
      You can influence this order by adding "require" tags in your component declaration, to make sure it is resolved after another component.
Contributions
- org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib--filterConfig
- org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib--responseHeaders
XML Source
<?xml version="1.0"?>
<component name="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib">
  <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"
    point="filterConfig">
    <filterConfig name="cachednxfile" transactional="false" synchonize="false" cached="true" private="true" cacheTime="31536000">
      <!-- if url contains doc changeToken: approximately one year -->
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxfile/.*\\?.*changeToken=.+</pattern>
    </filterConfig>
    <filterConfig name="nxfile" transactional="false" synchonize="false" cached="true" private="true" cacheTime="0">
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxfile/.*</pattern>
    </filterConfig>
    <filterConfig name="BigFileDownloaderRequest" cached="true" private="true"
      transactional="false" synchonize="false">
      <!-- transaction is manually handled in DownloadServlet -->
      <pattern>${org.nuxeo.ecm.contextPath}/nxbigfile/.*</pattern>
    </filterConfig>
    <filterConfig name="BigZipFileDownloaderRequest" cached="true" private="true"
      transactional="true" synchonize="true">
      <pattern>${org.nuxeo.ecm.contextPath}/nxbigzipfile/.*</pattern>
    </filterConfig>
    <filterConfig name="img" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/img.*</pattern>
    </filterConfig>
    <filterConfig name="icons" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/icons.*</pattern>
    </filterConfig>
    <filterConfig name="js" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/js.*</pattern>
    </filterConfig>
    <filterConfig name="scripts" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/scripts.*</pattern>
    </filterConfig>
    <filterConfig name="waitdialog" cached="true" cacheTime="3600">
      <pattern>${org.nuxeo.ecm.contextPath}/waitdialog.*</pattern>
    </filterConfig>
    <filterConfig name="cachedBPR" cached="true" private="true" cacheTime="31536000" transactional="true">
      <!-- if url contains doc changeToken: approximately one year -->
      <pattern>${org.nuxeo.ecm.contextPath}/.*/@(blob|preview|rendition).*\\?.*changeToken=.+</pattern>
    </filterConfig>
    <filterConfig name="BPR" cached="true" private="true" cacheTime="0" transactional="true">
      <pattern>${org.nuxeo.ecm.contextPath}/.*/@(blob|preview|rendition).*</pattern>
    </filterConfig>
    <filterConfig name="nxadmin" cached="false" private="true">
      <pattern>${org.nuxeo.ecm.contextPath}/nxadmin/.*</pattern>
    </filterConfig>
  </extension>
  <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"
    point="responseHeaders">
    <header name="X-UA-Compatible">IE=10; IE=11</header>
    <header name="Cache-Control">no-cache</header>
    <header name="X-Content-Type-Options">nosniff</header>
    <header name="X-XSS-Protection">1; mode=block</header>
    <header name="X-Frame-Options">${nuxeo.frame.options:=SAMEORIGIN}</header>
    <header name="Referrer-Policy">${nuxeo.referrer.policy:=strict-origin-when-cross-origin}</header>
    <!-- this is a permissive Content-Security-Policy, which should be configured for more security -->
    <header name="Content-Security-Policy">${nuxeo.content.security.policy:=img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *}</header>
  </extension>
</component>