Page History
...
The following REST API configurations are provided in [dspace]/config/rest.cfg
and may be overridden in your local.cfg
Property: |
|
Example Value: |
|
Informational Note: | Allowed Cross-Origin-Resource-Sharing (CORS) origins (in "Access-Control-Allow-Origin" header). Only these origins (client URLs) can successfully authenticate with your REST API. Defaults to Multiple allowed origin URLs may be comma separated (or this configuration can be defined multiple times). Wildcard value (*) is NOT SUPPORTED. Keep in mind any URLs added to this setting must be an exact match with the origin: mode (http vs https), domain, port, and subpath(s) all must match.. So, for example, these URLs are all considered different origins: "http://mydspace.edu", "http://mydspace.edu:4000" (different port), "https://mydspace.edu" (http vs https), "https://myapp.mydspace.edu" (different domain), and "https://mydspace.edu/myapp" (different subpath). NOTE: If you modify this value to allow additional UIs to access your REST API, then you may also need to modify (Requires reboot of servlet container, e.g. Tomcat, to reload) |
Property: |
|
Example Value: |
|
Informational Note: | Whether or not to allow credentials (e.g. cookies) sent by the client/browser in CORS requests (in "Access-Control-Allow-Credentials" header). For DSpace, this MUST be set to "true" to support CSRF checks (which use Cookies) and external authentication via Shibboleth (and similar). Defaults to "true" if unspecified. (Requires reboot of servlet container, e.g. Tomcat, to reload) |
Property: |
|
Example Value: |
|
Informational Note: | This property determines the max embeddepth for a FullProjection. This is also used by the SpecificLevelProjection |
Property: |
|
Example Value: |
|
Informational Note: | This property determines the max embed depth for a SpecificLevelProjection. Usually, this should be kept as-is for best performance. |
Property: |
|
Example Value: |
|
Informational Note: | Define which configuration properties are exposed through the If a rest request is made for a property which exists, but isn't listed here, the server will respond that the property wasn't found. This property can be defined multiple times to allow access to multiple configuration properties. Generally, speaking, it is ONLY recommended to expose configuration settings where they are necessary for the UI or client, as exposing too many configurations could be a security issue. This is why we only expose the two above settings by default. |
...
Because the REST API is a Spring Boot web application, you can also configure or override any Spring Boot settings in your local.cfg. DSpace's default Spring Boot configuration can be found in [src]/dspace-server-webapp/src/main/resources/application.properties
. A few common settings from Spring Boot which you may wish to override in your local.cfg include:
Property: | spring.servlet.multipart.max-file-size |
Example Value: | spring.servlet.multipart.max-file-size = 512MB |
Informational Note: | Per Spring Boot docs, this setting specifies the maximum size of file that can be uploaded via Spring Boot (and therefore via the DSpace REST API). A value of "-1" removes any limit. DSpace sets this to 512MB by default. |
Property: | spring.servlet.multipart.max-request-size |
Example Value: | spring.servlet.multipart.max-request-size = 512MB |
Informational Note: | Per Spring Boot docs, this setting specifies the maximum size of a single request via Spring Boot (and therefore via the DSpace REST API). That means if multiple files are uploaded at once, this is the maximum total size of all files. A value of "-1" removes any limit. DSpace sets this to 512MB by default. |
Technical Design
The REST API & Server Webapp are built on Spring Boot and Spring HATEOAS, using Spring Security. It also aligns with Spring Data REST (though at this time it doesn't use it directly because of incompatibility with the DSpace data model).
...