content/docs/Configuration/Security.md
Lines changed: 5 additions & 1 deletion
@@ -67,7 +67,11 @@ If server_uri is set to the https endpoint and the OpenRun server is running wit
67
67
68
68
## Application Security
69
69
70
-
See [appsecurity]({{< ref "appsecurity" >}}) for details about the application level sandboxing.
70
+
See [appsecurity]({{< ref "appsecurity" >}}) for details about the application level sandboxing and [authentication]({{< ref "authentication" >}}) for details about adding OAuth/OIDC/SAML/Cert based auth for apps.
71
+
72
+
## CSRF Protection
73
+
74
+
CSRF protection is automatically enabled for OpenRun internal APIs and for API calls to apps. This uses the [CrossOriginProtection](https://pkg.go.dev/net/http#CrossOriginProtection) middleware. Use `app_config.security.disable_csrf_protection = true` in `openrun.toml` to disable globally for all apps. CSRF protection can be disabled individually for apps by running `openrun app update-metadata conf --promote 'security.disable_csrf_protection=true' /myapp`
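Review bot: the new "CSRF Protection" paragraph documents two off switches (`app_config.security.disable_csrf_protection = true` in `openrun.toml` and the per-app `security.disable_csrf_protection=true` metadata) without saying how they interact or when disabling is appropriate. Please state which setting takes precedence, whether an app can turn protection back on when it is disabled globally, and what kind of request gets rejected while protection is on, so a reader can tell whether their app needs the exception at all. It would also help to steer readers to the per-app setting over the global one, since the global flag removes the check for every app at once. The `update-metadata` example uses `--promote` without comment; a short note on what that flag does to the change would avoid surprises. Minor: the last sentence is missing its closing period, and "Cert based auth" in the Application Security line reads better as "cert-based auth".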