You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| timeout | The amount of time in seconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 seconds. Values greater than 240 seconds may not be honored, because the underlying network infrastructure can drop idle connections after this time. Policy expressions are allowed. | No | 300 |
34
-
| continue-timeout | The amount of time in seconds to wait for a `100 Continue` status code to be returned by the backend service before a timeout error is raised. Policy expressions are allowed. | No | N /A |
33
+
| timeout | The amount of time in seconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 seconds. Values greater than 240 seconds may not be honored, because the underlying network infrastructure can drop idle connections after this time. Policy expressions are allowed. You can specify either `timeout` or `timeout-ms` but not both. | No | 300 |
34
+
| timeout-ms | The amount of time in milliseconds to wait for the HTTP response headers to be returned by the backend service before a timeout error is raised. Minimum value is 0 ms. Policy expressions are allowed. You can specify either `timeout` or `timeout-ms` but not both. | No | N/A |
35
+
| continue-timeout | The amount of time in seconds to wait for a `100 Continue` status code to be returned by the backend service before a timeout error is raised. Policy expressions are allowed. | No | N/A |
35
36
| http-version | The HTTP spec version to use when sending the HTTP response to the backend service. When using `2or1`, the gateway will favor HTTP /2 over /1, but fall back to HTTP /1 if HTTP /2 doesn't work. | No | 1 |
36
37
| follow-redirects | Specifies whether redirects from the backend service are followed by the gateway or returned to the caller. Policy expressions are allowed. | No |`false`|
37
38
| buffer-request-body | When set to `true`, request is buffered and will be reused on [retry](retry-policy.md). | No |`false`|
Copy file name to clipboardExpand all lines: articles/api-management/validate-azure-ad-token-policy.md
+1-2Lines changed: 1 addition & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ author: dlepow
7
7
8
8
ms.service: api-management
9
9
ms.topic: article
10
-
ms.date: 12/08/2022
10
+
ms.date: 10/19/2023
11
11
ms.author: danlep
12
12
---
13
13
@@ -92,7 +92,6 @@ The `validate-azure-ad-token` policy enforces the existence and validity of a JS
92
92
### Usage notes
93
93
94
94
* You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-azure-ad-token` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
95
-
* When using a custom header (`header-name`), the header value cannot be prefixed with `Bearer ` and should be removed.
Copy file name to clipboardExpand all lines: articles/api-management/validate-jwt-policy.md
+1-2Lines changed: 1 addition & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ author: dlepow
7
7
8
8
ms.service: api-management
9
9
ms.topic: article
10
-
ms.date: 12/08/2022
10
+
ms.date: 10/19/2023
11
11
ms.author: danlep
12
12
---
13
13
@@ -121,7 +121,6 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
121
121
* The policy supports tokens encrypted with symmetric keys using the following encryption algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512.
122
122
* To configure the policy with one or more OpenID configuration endpoints for use with a self-hosted gateway, the OpenID configuration endpoints URLs must also be reachable by the cloud gateway.
123
123
* You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-jwt` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
124
-
* When using a custom header (`header-name`), the header value cannot be prefixed with `Bearer ` and should be removed.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments