Adding some information about redback configuration settings

2017-03-18 18:33:14 +01:00 · 2017-03-18 18:33:14 +01:00 · db185cb79d
parent a6ee0f8770
commit db185cb79d
1 changed files with 12 additions and 5 deletions
--- a/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties
+++ b/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties
@ -135,12 +135,19 @@ user.manager.impl=jdo

 # REST security settings

-# REST base url is for avoiding CSRF attacks
-# Enable CSRF filtering
+# Cross Site Request Forgery (CSRF) Prevention
+# --------------------------------------------
+# Enable/Disable CSRF filtering.
+# Possible values: true, false
 rest.csrffilter.enabled=true
-# If it is not set or empty it tries to determine the base url automatically
+# Base URL used to verify the origin headers of the requests. If not set or empty
+# it tries to determine the base url automatically
 rest.baseUrl=
-# If true, requests without Origin or Referer Header are denied
+# What to do, if the request contains no Origin or Referer header.
+# If true, requests without Origin or Referer Header are denied, otherwise accepted.
+# Possible values: true, false
 rest.csrffilter.absentorigin.deny=true
-# If true, the validation of the CSRF tokens will be disabled
+# Enable/Disable the token validation only.
+# If true, the validation of the CSRF tokens will be disabled.
+# Possible values: true, false
 rest.csrffilter.disableTokenValidation=false