-
Notifications
You must be signed in to change notification settings - Fork 46
Expand file tree
/
Copy pathweb.config
More file actions
52 lines (52 loc) · 4.67 KB
/
web.config
File metadata and controls
52 lines (52 loc) · 4.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!--
Configure your application settings in appsettings.json. Learn more at http://go.microsoft.com/fwlink/?LinkId=786380
-->
<system.webServer>
<security>
<requestFiltering removeServerHeader="true">
<requestLimits maxAllowedContentLength="1073741824"></requestLimits>
<fileExtensions allowUnlisted="true">
<remove fileExtension="." />
<remove fileExtension=".cs" />
<add fileExtension="." allowed="true" />
<add fileExtension=".cs" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
<!--<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
</handlers>-->
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" hostingModel="inprocess" />
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<rewrite>
<rules>
<!-- UpperCase to LowerCase URL Redirection -->
<rule name="LowerCaseRule" stopProcessing="true">
<match url="[A-Z]" ignoreCase="false" />
<conditions>
<add input="{REQUEST_METHOD}" pattern="POST" negate="true" />
</conditions>
<action type="Redirect" url="{ToLower:{URL}}" />
</rule>
</rules>
</rewrite>
<!-- Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains -->
<!-- Configure the "X-Frame-Options" HTTP header response to protect against 'ClickJacking' attacks -->
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://ej2.syncfusion.com" />
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://ej2aspnetcore-prod.azurewebsites.net https://cdn.syncfusion.com https://ej2.syncfusion.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://www.clarity.ms https://www.google-analytics.com https://cdnjs.cloudflare.com https://static.cloudflareinsights.com https://snap.licdn.com blob:; style-src 'self' 'unsafe-inline' blob: data: https://ej2aspnetcore-prod.azurewebsites.net https://fonts.googleapis.com https://cdn.syncfusion.com https://ej2.syncfusion.com; img-src 'self' 'unsafe-inline' blob: data: https://ej2aspnetcore-prod.azurewebsites.net https://cdn.syncfusion.com https://syncfusion.atlassian.net https://ej2.syncfusion.com https://tile.openstreetmap.org https://bat.bing.com https://www.googletagmanager.com https://ej2-aspcore-service.azurewebsites.net https://c.clarity.ms/c.gif https://c.bing.com https://www.google.co.in https://ej2-azure-aspcore-service.azurewebsites.net https://amazons3.azurewebsites.net https://ej2-ibm-cos-node-file-provider.azurewebsites.net https://ej2services.syncfusion.com https://services.syncfusion.com https://px.ads.linkedin.com; media-src 'self' 'unsafe-inline' blob: data: https://cdn.syncfusion.com https://ej2services.syncfusion.com https://services.syncfusion.com; connect-src 'self' data: ws: https://ej2aspnetcore-prod.azurewebsites.net https://ej2services.syncfusion.com https://services.syncfusion.com https://cdn.syncfusion.com https://bi.syncfusion.com https://ej2.syncfusion.com https://www.google.com https://www.google-analytics.com/ https://www.googleapis.com https://*.clarity.ms https://services.odata.org https://ej2-aspcore-service.azurewebsites.net https://ej2-azure-aspcore-service.azurewebsites.net https://ej2-nodejs-service.azurewebsites.net https://amazons3.azurewebsites.net https://realtime-firebase.azurewebsites.net http://localhost:* https://px.ads.linkedin.com https://api.jsonbin.io/v3/b/6912d9ecd0ea881f40e12335; font-src 'self' data: https://fonts.gstatic.com; form-action 'self' https://ej2-aspcore-service.azurewebsites.net https://ej2-azure-aspcore-service.azurewebsites.net https://amazons3.azurewebsites.net https://ej2-ibm-cos-node-file-provider.azurewebsites.net; frame-ancestors 'self' https://www.syncfusion.com/; frame-src 'self' https://www.googletagmanager.com https://boldpdftools.com https://www.youtube.com;" />
<add name="X-Content-Type-Options" value="nosniff" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
<!-- Implemented custom error pages -->
<system.web>
<customErrors mode="On" />
</system.web>
</configuration>