OWIN Web API server

OwinWebApiServerModule

Use the OwinWebApiServerModule to configure the HTTP/HTTPS endpoint that Inventory Server opens.

To add security header information to the server response, use the settings SecurityHeaders and SecurityPolicy.

EXAMPLE

This shows an example of the SecurityHeaders.

<Module typeName="OwinWebApiServerModule">
  <Setter propertyName="SecurityHeaders">
  {
    "X-Content-Type-Option": "nosniff",
    "Strict-Transport-Security": "max-age=0; includeSubDomains; preload",
    "X-XSS-Protection": "0"
  }
  </Setter>
</Module>

EXAMPLE

This shows an example of the SecurityPolicy.

<Module typeName="OwinWebApiServerModule">
  <Setter propertyName="SecurityPolicy">
  [
  "img-src 'self' data:", 
  "style-src 'self' https://self 'unsafe-inline'", 
  "script-src 'self' https://self 'unsafe-inline'"
  ]
  </Setter>
</Module>

note

The settings SecurityHeaders and SecurityPolicy have different JSON formats because they are provided by the server differently.

OWIN Web API server

OwinWebApiServerModule​

EXAMPLE

EXAMPLE

OwinWebApiServerModule