+-----+
# Security Policies
+# -----------------
#security.policy.password.encoder=
security.policy.password.previous.count=6
security.policy.password.expiration.days=90
security.policy.allowed.login.attempt=3
# Password Rules
+# --------------
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
security.policy.password.rule.numericalcount.minimum=1
security.policy.password.rule.reuse.enabled=true
security.policy.password.rule.nowhitespace.enabled=true
+
+# Cross Site Request Forgery (CSRF) Prevention
+# --------------------------------------------
+# Enable/Disable CSRF filtering.
+# Possible values: true, false
+rest.csrffilter.enabled=true
+# Base URL used to verify the origin headers of the requests. If not set or empty
+# it tries to determine the base url automatically
+rest.baseUrl=
+# What to do, if the request contains no Origin or Referer header.
+# If true, requests without Origin or Referer Header are denied, otherwise accepted.
+# Possible values: true, false
+rest.csrffilter.absentorigin.deny=true
+# Enable/Disable the token validation only.
+# If true, the validation of the CSRF tokens will be disabled.
+# Possible values: true, false
+rest.csrffilter.disableTokenValidation=false
+-----+
<<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and
projects / archiva.git / commitdiff