TD-5930 Exposing BFF filtering to sourced controlled appsettings because api endpoint public

Author: Phil-NHS

LearningHub.Nhs.WebUI/appsettings.json

@@ -63,6 +63,20 @@
     "ResourceLicenseUrl": "https://support.learninghub.nhs.uk/support/solutions/articles/80000986606-which-licence-should-i-select-when-contributing-a-resource-to-the-learning-hub-",
     "SupportUrlExcludedFiles": "https://localhost/resource/excludedfiles",
     "MediaActivityPlayingEventIntervalSeconds": 5,
+    "BFFPathValidation": {
+      "AllowedPathPrefixes": [
+        "search/",
+        "catalogue/",
+        "Resource/GetArticleDetails",
+        "Resource/GetAudioDetails",
+        "Resource/GetFileTypes"
+      ],
+      "BlockedPathSegments": [
+        "Admin",
+        "User/Delete",
+        "Sensitive"
+      ]
+    },
     "TwitterCredentials": {
       "ConsumerKey": "",
       "ConsumerSecret": "",