If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.
If true, dev mode violations of security policies are
logged by default. Note that if you override
LiftRules.contentSecurityPolicyViolationReport
or otherwise
change the default Lift policy violation handling behavior, it will
be up to you to handle this property as desired.
If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.
Returns the headers implied by this set of security rules.
If true, dev mode violations of security policies are logged by default.
If true, dev mode violations of security policies are
logged by default. Note that if you override
LiftRules.contentSecurityPolicyViolationReport
or otherwise
change the default Lift policy violation handling behavior, it will
be up to you to handle this property as desired.
Specifies security rules for a Lift application. By default, HTTPS is not required and
Content-Security-Policy
is restricted to the current domain for everything except images, which are accepted from any domain. Additionally, served pages can only be embedded in other frames from the current domain.You can use
SecurityRules.secure
to enable more restrictive, but also more secure, defaults.If true, security policies and HTTPS rules are enforced in dev mode in addition to staging/pilot/production/etc.
If true, dev mode violations of security policies are logged by default. Note that if you override
LiftRules.contentSecurityPolicyViolationReport
or otherwise change the default Lift policy violation handling behavior, it will be up to you to handle this property as desired.