This is my prod server:
{ "host": "......", "port": "${process.env.PORT || 1337}", "production": true, "ssl": true, "proxy": { "enabled": false, "host": ".....", "ssl": true }, "cron": { "enabled": false }, "admin": { "autoOpen": false, "build": { "backend": "......" } } }
And this is my prod security:
{ "csp": { "enabled": true, "policy": ["block-all-mixed-content"] }, "p3p": { "enabled": true, "value": "" }, "hsts": { "enabled": true, "maxAge": 31536000, "includeSubDomains": true }, "xframe": { "enabled": true, "value": "SAMEORIGIN" }, "xss": { "enabled": true, "mode": "block" }, "cors": { "enabled": false, "headers": "*" }, "ip": { "enabled": false, "whiteList": [], "blackList": [] } }
And this is my middleware:
{ "timeout": 100, "load": { "before": ["responseTime", "logger", "cors", "responses", "gzip"], "order": [ "Define the middlewares' load order by putting their name in this array is the right order" ], "after": ["parser", "router"] }, "settings": { "cors": { "enabled": true, "headers": "*" } } }