Service
Auth: The saved request (BLSR), saved authorized client (BL-ACS-*), and saved authorization request (BLSAR) cookies now default to SameSite=Lax in their attributes.
This change may affect behavior if BLC cookies are used as third-party cookies, or if there is no gateway in front of the auth service (not recommended).
Auth: By default, all responses will now include Content-Security-Policy (CSP) headers with directives default-src 'self'; base-uri 'self'.
This change may affect behavior if any served webpages include inline resources (scripts, styles, etc) or resources loaded from origins different from the one loading the document.
Cart Operations: The deprecated Cart cookie (BLCART) now defaults to SameSite=Lax in its attributes.
This change may affect behavior if this deprecated functionality is still in use, particularly if BLC cookies are used as third-party cookies, or if there is no gateway in front of the cart operations service (not recommended).
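One way to confirm after an upgrade that responses carry the new defaults is to audit the headers of a captured response. The following is an added example, not code from the project; it assumes the `*` in BL-ACS-* is a wildcard suffix, and the helper names and sample headers are constructed for illustration.

```python
import fnmatch
from http.cookies import SimpleCookie

# Cookie names and CSP directives come from the release notes above.
# Assumption: the "*" in BL-ACS-* stands for a variable suffix.
COOKIE_PATTERNS = ["BLSR", "BL-ACS-*", "BLSAR", "BLCART"]
EXPECTED_CSP = {"default-src": ["'self'"], "base-uri": ["'self'"]}

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers):
    """headers: (name, value) pairs from one HTTP response.
    Returns a list of findings; empty means the defaults are in place."""
    findings = []
    csp_values = [v for n, v in headers if n.lower() == "content-security-policy"]
    if not csp_values:
        findings.append("missing Content-Security-Policy header")
    for value in csp_values:
        policy = parse_csp(value)
        for directive, sources in EXPECTED_CSP.items():
            if policy.get(directive) != sources:
                findings.append(f"CSP {directive} is {policy.get(directive)}, expected {sources}")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if any(fnmatch.fnmatchcase(cookie_name, p) for p in COOKIE_PATTERNS):
                same_site = morsel["samesite"] or "(unset)"
                if same_site.lower() != "lax":
                    findings.append(f"{cookie_name}: SameSite={same_site}, expected Lax")
    return findings

# Constructed sample response headers (not captured from a real deployment).
SAMPLE = [
    ("Content-Security-Policy", "default-src 'self'; base-uri 'self'"),
    ("Set-Cookie", "BLSR=abc123; Path=/; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "BL-ACS-demo=xyz; Path=/; Secure; HttpOnly"),
]
```

A deployment that deliberately overrides the SameSite or CSP properties will produce findings here; adjust `EXPECTED_CSP` and the comparison to match the configured values.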
Property | Description |
---|---|
|
If |
Property | Description |
---|---|
|
Enables the Embedded login. This is |
|
The character set to use when generating password tokens. |
|
The length of a generated password token. Defaults to 32. |
|
If true, a successful password reset action will unlock the user. Default value is |
|
If true, a locked user can trigger a password reset. Default value is |
|
Whether the registration form requires a password confirmation field where the user has to re-enter their password. This must match the password field. This decreases the chance that the user mistypes their password when registering. |
|
Properties configuring Content Security Policy behavior.
See |
|
Whether or not to enable content security policy behavior. Defaults to |
|
Configures whether to include the 'default-src' content security policy directive. Defaults to |
|
If enabled, this is the value to use for the |
|
Configures whether to include the |
|
If enabled, this is the value to use for the |
|
A list of additional directives that should be added to the content security policy header. Each must include both the directive name and the value. This will automatically be combined in the final result with a semicolon separator. Defaults to empty list. |
|
The value to use for the SameSite attribute on the cookies responsible for saving authorization requests.
Can be |
|
The value to use for the SameSite attribute on the cookies responsible for storing authorized clients.
Can be |
|
The value to use for the SameSite attribute on the "saved request" cookie responsible for redirecting users following an authentication request.
Can be |
|
If |
|
Whether or not anonymization is enabled at all. Defaults to |
|
Whether or not anonymization specific to the |
Property | Description |
---|---|
|
The value to use for the SameSite attribute on the cart cookie.
Can be |
Property | Description |
---|---|
|
Whether or not anonymization is enabled at all. Defaults to |
|
Whether or not anonymization specific to the |
|
Whether or not anonymization specific to the |
Property | Description |
---|---|
|
Whether or not anonymization is enabled at all. Defaults to |
|
Whether or not anonymization specific to the |
|
Whether or not anonymization specific to the |
|
Whether or not anonymization specific to the |
|
Whether or not anonymization specific to the |
|
Whether or not anonymization specific to the |
|
Whether or not anonymization specific to the |