Configuration options
Contents
The following configuration options are available for Guillotine
Config file
To configure Guillotine, add a configuration file to your XP instance’s config folder.
com.enonic.app.guillotine.cfg
queryplayground.ui.mode=off (1)
graphql.extensions.modifyUnknownField=throw (2)
cors.origin= https://example.com, https://admin.example.com (3)
cors.credentials=true|false (4)
cors.allowedHeaders=Content-Type (5)
cors.methods=POST, OPTIONS (6)
cors.exposedHeaders = X-Request-Id, X-Custom-Header (7)
cors.maxAge= 3600 (8)
maxQueryTokens=15000 (9)| 1 | Enables or disables Query playground on project root.
|
||
| 2 | Allows you to modify the default behaviour during modification of unknown fields. Possible values are: throw - to throw an error if it tries to modify an unknown field, ignore - to ignore modification modify an unknown field, or warn - to log a warning on unknown field modification. Default is throw. |
||
| 3 | Allowed origin(s), comma-separated. Omit this field to disable CORS. Supports ~-prefixed regex patterns for dynamic matching (e.g. ~https://.\.example\.com). Can use ~.* to reflect all. |
||
| 4 | Sets the Access-Control-Allow-Credentials header to allow credentials in CORS requests. Default is false. |
||
| 5 | Sets the Access-Control-Allow-Headers header to allow headers in CORS requests. If cors.allowedHeaders is not configured and a request includes Access-Control-Request-Headers, that value is reflected in Access-Control-Allow-Headers. |
||
| 6 | Sets the Access-Control-Allow-Methods header to allow methods in CORS requests. Guillotine handlers only POST and OPTIONS. Default is GET, HEAD, POST. |
||
| 7 | Extra response headers to expose beyond the CORS safelist. If you configure cors.exposedHeaders = , browsers only treat |
||
| 8 | Sets the Access-Control-Max-Age header to specify preflight cache duration in seconds |
||
| 9 | If the number of raw tokens exceeds the specified maximum, the parser will throw an exception. Default is 15000. |