Closed pmauduit closed 11 months ago
Can't this be configured inside the datadir?
Can't this be configured inside the datadir?
If you open the geoserver documentation pointed above, no. Only 3 methods are available, and the env variable is the most convenient IMHO (first one requires to hack the web.xml, second one is using a java property, which can also be done though but does not provide any added value compared to using an env variable).
See https://docs.geoserver.org/main/en/user/security/webadmin/csrf.html for the motivation.
Also please note that in case of using the geOrchestra gateway, the default http header for the referrer-policy will be "no-referrer", which prevents wicket to determine if the request is legit or not (the check is based on the referer or origin http headers). so to make sure the referer header is provided, this requires the following configuration property to be set on the gateway as well:
Note: I wonder if one needs to customize the value, maybe we need another value in the values.yaml ?