SecurityOptions

SecurityOptions

CheckFormId: Boolean

When TRUE, IntraWeb will generate a unique FormId hidden field for each IWForm instance. This ID is then checked when the form processes a request.

CheckSameIP: Boolean

Will raise an EIWSecurityException if a different IP is used in a subsequent request using the same Session ID. Default True.

CheckSameUA: Boolean

Will raise an EIWSecurityException if a different user agent string is used in a subsequent request using the same Session ID. Default True.

CorsOrigin: string

Introduced: 15.0.21

Controls CORS (Cross-origin resource sharing) settings for your application. The values can be:

  • ” – CORS is disabled (default)
  • * – Any site can reference or embed your application. As * is not a valid value when cookies exist, IntraWeb will dynamically adjust the header on the fly to allow the same usage as *.
  • value – Value will be passed unchanged back to the browser. Typically the value is a site or domain such as http://www.atozed.com which would restrict referencing and usage to www.atozed.com as the origin.

Blog post introducing CorsOrigin.

PreventDoubleSubmission: Boolean

 

RandomTempFileNames: Boolean

 

ShowSecurityErrorDetails: Boolean

If false, will omit the error message when one of the above checks fails. Default True.