Security

Application security

Security settings that can be changed per application

Note

Note that the setting here only apply to the selected application, they are not global.

Where to change:

  • Open “Developer mode”
  • Edit the desired application
  • Navigate to the “Security tab”

Security settings Security settings

Custom CSP rules

The server will apply a default CSP ruleset (shown below), but you can disable this in the application security settings and provide a custom one instead. The changes here will only take effect for the edited application.

The default ruleset:

default-src *; script-src 'self' 'nonce-{nonce}'; object-src *; style-src 'self' 'nonce-{nonce}' 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'

IP blocking / whitelist

It’s possible to also start blocking access to the application routes (or app user login) by IP. The settings here work as a whitelist, this means when enabled without any ip inputs then all accesses are blocked.

Enter the allowed IP’s and an optional note who the IP belongs to. When done then don’t forget to click on the “Confirm changes” button.

There are 2 modes for the blocking functionality:

Login block

This mode does not prevent access to view the pages but does block the app users from logging in.

View block

This mode blocks views of the pages entirely.