Page History
...
The "rateLimiter" sub-section can be used to protect against a DOS (denial of service) attack when the UI is processed on the server side (i.e. server-side rendering). Default settings are usually OK. In Angular, server-side rendering occurs to support better Search Engine Optimization (SEO), as well as to support clients which cannot use Javascript. See also Angular's docs on Server-side rendering.
Sub-path in frontend URL: When using a subpath (nameSpace) in your UI server base URL (e.g. "http://localhost:4000/mysite/" instead of "http://localhost:4000/"), you must make sure that the URL without the subpath is added to the rest.cors.allowed-origins list in [dspace]/config/modules/rest.cfg or the local.cfg override. The default value used for this configuration assumes that Origin and DSpace URL are identical, but CORS origins do not contain a subpath. Without this change you will see CORS policy errors preventing communication between the frontend and backend servers.
REST API Settings
The "rest" (REST API) section defines which REST API the UI will use. The REST settings MUST correspond to the primary URL of the backend. Usually, this means they must be kept in sync
with the value of dspace.server.url in the backend's local.cfg
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
auth:
# Authentication UI settings
ui:
# the amount of time before the idle warning is shown
timeUntilIdle: 900000 # 15 minutes
# the amount of time the user has to react after the idle warning is shown before they are logged out.
idleGracePeriod: 300000 # 5 minutes
# Authentication REST settings
rest:
# If the rest token expires in less than this amount of time, it will be refreshed automatically.
# This is independent from the idle warning. Defaults to automatic refresh when the token will
# expire within 2 minutes. Because token expires after 30 minutes by default, this means automatic
# refresh would occur every ~28 minutes.
timeLeftBeforeTokenRefresh: 120000 # 2 minutes |
...
Overview
Content Tools