node-webserver
    Preparing search index...

    Type Alias SecurityConfig

    type SecurityConfig = {
        allowedHosts?: ValueMatcher | ValueMatcher[];
        allowedWebSocketOrigins?: ValueMatcher | ValueMatcher[];
        headersTimeoutMs?: number;
        keepAliveTimeoutMs?: number;
        maxRequestBodySize?: number;
        maxWebSocketPayload?: number;
        requestTimeoutMs?: number;
        trustedProxies?: ValueMatcher | ValueMatcher[];
        trustHostHeader?: boolean;
    }
    Index

    Properties

    allowedHosts? allowedWebSocketOrigins? headersTimeoutMs? keepAliveTimeoutMs? maxRequestBodySize? maxWebSocketPayload? requestTimeoutMs? trustedProxies? trustHostHeader?

    Properties

    allowedHosts?: ValueMatcher | ValueMatcher[]

    Restrict trusted Host values when trustHostHeader is enabled.

    allowedWebSocketOrigins?: ValueMatcher | ValueMatcher[]

    Restrict accepted WebSocket Origin values. When omitted, Origin is not enforced by default.

    headersTimeoutMs?: number

    Maximum time allowed to receive the complete request headers.

    30000
    keepAliveTimeoutMs?: number

    How long to keep idle keep-alive connections open.

    5000
    maxRequestBodySize?: number

    Maximum accepted request body size based on Content-Length. Requests above the limit are rejected before the body is read.

    maxWebSocketPayload?: number

    Maximum accepted WebSocket message size in bytes. Passed to ws as maxPayload.

    requestTimeoutMs?: number

    Maximum time allowed for the full request lifecycle.

    60000
    trustedProxies?: ValueMatcher | ValueMatcher[]

    Trust forwarded proxy headers only when the direct peer matches one of these values.

    trustHostHeader?: boolean

    Trust the incoming Host header when constructing event.url/request.url. Disabled by default to avoid host header poisoning in absolute URL generation.

    Settings

    Member Visibility

    On This Page

    Properties