Skip to content

Commit

Permalink
Fix docs format
Browse files Browse the repository at this point in the history
  • Loading branch information
jportner committed Apr 15, 2021
1 parent 5745057 commit bb8e2aa
Showing 1 changed file with 40 additions and 15 deletions.
55 changes: 40 additions & 15 deletions docs/setup/settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -504,15 +504,20 @@ deprecation warning at startup. This setting cannot end in a slash (`/`).
proxy sitting in front of it. This determines whether HTTP compression may be used for responses, based on the request `Referer` header.
This setting may not be used when <<server-compression, `server.compression.enabled`>> is set to `false`. *Default: `none`*

|===
[cols="2*<"]
|===

| [[server-securityResponseHeaders-strictTransportSecurity]] `server.securityResponseHeaders.strictTransportSecurity:`
a| [[server-securityResponseHeaders-strictTransportSecurity]]
----
server.securityResponseHeaders:
strictTransportSecurity:
----
| Controls whether the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security[`Strict-Transport-Security`]
header is used in all responses to the client from the {kib} server. Set this to `null` to disable it. *Default:* enabled

| `server.securityResponseHeaders.strictTransportSecurity.maxAge:`
a|
----
server.securityResponseHeaders:
strictTransportSecurity.maxAge:
----
| Specifies the `max-age` directive of the
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security[`Strict-Transport-Security`] response header. This is
rounded down to the nearest second. *Default:* `'1Y'` (31536000 seconds)
Expand All @@ -523,43 +528,63 @@ rounded down to the nearest second. *Default:* `'1Y'` (31536000 seconds)
Use a string of `<count>[s\|m\|h\|d\|w\|M\|Y]` (e.g. '20m', '24h', '120d', '1Y').
============

| `server.securityResponseHeaders.strictTransportSecurity.includeSubDomains:`
a|
----
server.securityResponseHeaders:
strictTransportSecurity.includeSubDomains:
----
| Specifies the `includeSubDomains` directive of the
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security[`Strict-Transport-Security`] response header. If
enabled, the directive is included in the header. *Default:* `false`

| `server.securityResponseHeaders.strictTransportSecurity.preload:`
a|
----
server.securityResponseHeaders:
strictTransportSecurity.preload:
----
| Specifies the `preload` directive of the
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security[`Strict-Transport-Security`] response header. If
enabled, the directive is included in the header. *Default:* `false`

| [[server-securityResponseHeaders-xContentTypeOptions]] `server.securityResponseHeaders.xContentTypeOptions:`
a| [[server-securityResponseHeaders-xContentTypeOptions]]
----
server.securityResponseHeaders:
xContentTypeOptions:
----
| Controls whether the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options[`X-Content-Type-Options`] header is
used in all responses to the client from the {kib} server, and specifies what value is used. Allowed values are `nosniff` or `null`. Set
this to `null` to disable it. *Default:* `"nosniff"`

| [[server-securityResponseHeaders-referrerPolicy]] `server.securityResponseHeaders.referrerPolicy:`
a| [[server-securityResponseHeaders-referrerPolicy]]
----
server.securityResponseHeaders:
referrerPolicy:
----
| Controls whether the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy[`Referrer-Policy`] header is used in all
responses to the client from the {kib} server, and specifies what value is used. Allowed values are `no-referrer`,
`no-referrer-when-downgrade`, `origin`, `origin-when-cross-origin`, `same-origin`, `strict-origin`, `strict-origin-when-cross-origin`,
`unsafe-url`, or `null`. Set this to `null` to disable it. *Default:* `"no-referrer-when-downgrade"`

| [[server-securityResponseHeaders-permissionsPolicy]] `server.securityResponseHeaders.permissionsPolicy:`
a| [[server-securityResponseHeaders-permissionsPolicy]]
----
server.securityResponseHeaders:
permissionsPolicy:
----
| Controls whether the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy[`Permissions-Policy`] header is used in all
responses to the client from the {kib} server, and specifies what value is used. Allowed values are any text value or `null`. Set this to
`null` to disable it. *Default:* `"camera=(), microphone=()"` (disables the camera and microphone APIs in the browser)

| [[server-securityResponseHeaders-disableEmbedding]] `server.securityResponseHeaders.disableEmbedding:`
a| [[server-securityResponseHeaders-disableEmbedding]]
----
server.securityResponseHeaders:
disableEmbedding:
----
| Controls whether the https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy[`Content-Security-Policy`] and
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options[`X-Frame-Options`] headers will be configured to disable embedding
{kib} in other webpages using iframes. Set this to `true` to use secure headers that disable embedding; this will add the
`frame-ancestors: 'self'` directive to the `Content-Security-Policy` response header (if you are using the default CSP rules), and it will
add the `X-Frame-Options: SAMEORIGIN` response header as well. *Default:* `false`

|===
[cols="2*<"]
|===

| `server.customResponseHeaders:` {ess-icon}
| Header names and values to
send on all responses to the client from the {kib} server. *Default: `{}`*
Expand Down

0 comments on commit bb8e2aa

Please sign in to comment.