river-of-ebooks/config/security.js

/**
 * Security Settings
 * (sails.config.security)
 *
 * These settings affect aspects of your app's security, such
 * as how it deals with cross-origin requests (CORS) and which
 * routes require a CSRF token to be included with the request.
 *
 * For an overview of how Sails handles security, see:
 * https://sailsjs.com/documentation/concepts/security
 *
 * For additional options and more information, see:
 * https://sailsjs.com/config/security
 */

module.exports.security = {

  /***************************************************************************
  *                                                                          *
  * CORS is like a more modern version of JSONP-- it allows your application *
  * to circumvent browsers' same-origin policy, so that the responses from   *
  * your Sails app hosted on one domain (e.g. example.com) can be received   *
  * in the client-side JavaScript code from a page you trust hosted on _some *
  * other_ domain (e.g. trustedsite.net).                                    *
  *                                                                          *
  * For additional options and more information, see:                        *
  * https://sailsjs.com/docs/concepts/security/cors                          *
  *                                                                          *
  ***************************************************************************/

  // cors: {
  //   allRoutes: false,
  //   allowOrigins: '*',
  //   allowCredentials: false,
  // },


  /****************************************************************************
  *                                                                           *
  * By default, Sails' built-in CSRF protection is disabled to facilitate     *
  * rapid development.  But be warned!  If your Sails app will be accessed by *
  * web browsers, you should _always_ enable CSRF protection before deploying *
  * to production.                                                            *
  *                                                                           *
  * To enable CSRF protection, set this to `true`.                            *
  *                                                                           *
  * For more information, see:                                                *
  * https://sailsjs.com/docs/concepts/security/csrf                           *
  *                                                                           *
  ****************************************************************************/

  // csrf: false

};
init sails app 2018-10-16 01:45:37 +00:00			`/**`
			`* Security Settings`
			`* (sails.config.security)`
			`*`
			`* These settings affect aspects of your app's security, such`
			`* as how it deals with cross-origin requests (CORS) and which`
			`* routes require a CSRF token to be included with the request.`
			`*`
			`* For an overview of how Sails handles security, see:`
			`* https://sailsjs.com/documentation/concepts/security`
			`*`
			`* For additional options and more information, see:`
			`* https://sailsjs.com/config/security`
			`*/`

			`module.exports.security = {`

			`/***************************************************************************`
			`* *`
			`* CORS is like a more modern version of JSONP-- it allows your application *`
			`* to circumvent browsers' same-origin policy, so that the responses from *`
			`* your Sails app hosted on one domain (e.g. example.com) can be received *`
			`* in the client-side JavaScript code from a page you trust hosted on _some *`
			`* other_ domain (e.g. trustedsite.net). *`
			`* *`
			`* For additional options and more information, see: *`
			`* https://sailsjs.com/docs/concepts/security/cors *`
			`* *`
			`***************************************************************************/`

			`// cors: {`
			`// allRoutes: false,`
			`// allowOrigins: '*',`
			`// allowCredentials: false,`
			`// },`

Revert "merge #18, #19, #20, #23, #25" 2018-11-12 22:12:16 +00:00
init sails app 2018-10-16 01:45:37 +00:00			`/****************************************************************************`
			`* *`
			`* By default, Sails' built-in CSRF protection is disabled to facilitate *`
			`* rapid development. But be warned! If your Sails app will be accessed by *`
			`* web browsers, you should _always_ enable CSRF protection before deploying *`
			`* to production. *`
			`* *`
			* To enable CSRF protection, set this to `true`. *
			`* *`
			`* For more information, see: *`
			`* https://sailsjs.com/docs/concepts/security/csrf *`
			`* *`
			`****************************************************************************/`

			`// csrf: false`

Revert "merge #18, #19, #20, #23, #25" 2018-11-12 22:12:16 +00:00			`};`