lib/hooks/security/README.md
Stability: 2 - Stable
In order for this hook to load, the following other hooks must have already finished loading:
If this hook is disabled, in order for Sails to load, the following other core hooks must also be disabled:
N/A
This hook's responsibilities are:
When Sails loads, this hook binds a router:before listener so that it can bind routes before the router binds explicit routes. Then it binds shadow routes for the appropriate endpoints based on sails.config.cors (also mixing in its implicit defaults).
It generates security/grant-csrf-token action
This hook sets the following implicit default configuration on sails.config.security:
| Property | Type | Default |
|---|---|---|
sails.config.security.cors.allowOrigins | ((string)) | '*' |
sails.config.security.cors.allRoutes | ((boolean)) | false |
sails.config.security.cors.allowCredentials | ((boolean)) | false |
sails.config.security.cors.allowRequestMethods | ((string)) | 'GET, HEAD, PUT, PATCH, POST, DELETE' |
sails.config.security.cors.allowRequestHeaders | ((string)) | 'content-type' |
sails.config.security.cors.allowResponseHeaders | ((string)) | '' (empty string) |
sails.config.security.cors.allowAnyOriginWithCredentialsUnsafe | ((boolean)) | false |
sails.config.security.csrf | ((boolean)) | false |
hook:security:loadedEmitted when this hook has been automatically loaded by Sails core, and triggered the callback in its initialize function.
If you have a question that isn't covered here, please feel free to send a PR adding it to this section (even if you don't have the answer!)