Type Alias SecurityConfig

type SecurityConfig = {
    allowedHosts?: HostMatcher | HostMatcher[];
    allowedWebSocketOrigins?: HostMatcher | HostMatcher[];
    maxRequestBodySize?: number;
    maxWebSocketPayload?: number;
    trustHostHeader?: boolean;
}

Index

Properties

allowedHosts? allowedWebSocketOrigins? maxRequestBodySize? maxWebSocketPayload? trustHostHeader?

Properties

`Optional`allowedHosts

allowedHosts?: HostMatcher | HostMatcher[]

Restrict trusted Host values when trustHostHeader is enabled.

`Optional`allowedWebSocketOrigins

allowedWebSocketOrigins?: HostMatcher | HostMatcher[]

Restrict accepted WebSocket Origin values. When omitted, Origin is not enforced by default.

`Optional`maxRequestBodySize

maxRequestBodySize?: number

Maximum accepted request body size based on Content-Length. Requests above the limit are rejected before the body is read.

`Optional`maxWebSocketPayload

maxWebSocketPayload?: number

Maximum accepted WebSocket message size in bytes. Passed to ws as maxPayload.

`Optional`trustHostHeader

trustHostHeader?: boolean

Trust the incoming Host header when constructing event.url/request.url. Disabled by default to avoid host header poisoning in absolute URL generation.

Type Alias SecurityConfig

Index

Properties

Properties

`Optional`allowedHosts

`Optional`allowedWebSocketOrigins

`Optional`maxRequestBodySize

`Optional`maxWebSocketPayload

`Optional`trustHostHeader

Settings

On This Page

Type Alias SecurityConfig

Index

Properties

Properties

OptionalallowedHosts

OptionalallowedWebSocketOrigins

OptionalmaxRequestBodySize

OptionalmaxWebSocketPayload

OptionaltrustHostHeader

Settings

On This Page

`Optional`allowedHosts

`Optional`allowedWebSocketOrigins

`Optional`maxRequestBodySize

`Optional`maxWebSocketPayload

`Optional`trustHostHeader