| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| blocks:server_configuration_file [2024-10-25 08:08] – admin | blocks:server_configuration_file [2025-12-17 14:00] (current) – [Top level server item] admin |
|---|
| * **type**. Server type. Must be set to //pixilab_server//. | * **type**. Server type. Must be set to //pixilab_server//. |
| * **corsPath** and **corsAllowOrigin**. If you want to accept calls from other servers/clients, e.g., to endpoints specified by user scripts (using the [[https://github.com/pixilab/blocks-script/blob/master/system_lib/Metadata.ts#L136|@resource annotation]]), specify the root path of such requests, and the [[https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work|Access-Control-Allow-Origin]] header to be returned here. | * **corsPath** and **corsAllowOrigin**. If you want to accept calls from other servers/clients, e.g., to endpoints specified by user scripts (using the [[https://github.com/pixilab/blocks-script/blob/master/system_lib/Metadata.ts#L136|@resource annotation]]), specify the root path of such requests, and the [[https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work|Access-Control-Allow-Origin]] header to be returned here. |
| * ** applicationConnectors**. specifies the connection details for the web server, such as port numbers used, etc. | * ** applicationConnectors**. Specifies the connection details for the web server, such as port numbers used, etc. |
| | * **allowCrossSiteAuth**. Set to true to allow cross-site authentication (e.g. for the Blocks editor), such as from within an IFRAME. Browsers allow this only under HTTPS, so you'll need HTTPS and a certificate to use this feature in addition to setting this option to true. |
| |
| See below for details on server sub-options. | See below for details on server sub-options. |
| Specifies advanced authentication and authorization options. The settings shown above correspond to the defaults if no auth section is provided. In most cases, you don't need to specify these settings. If you specify the //internalForm// authorization method, a "Log Out" command will be added to Blocks' Page menu, allowing you to explicitly log out. The OidcClient setting allows for integration with single-sign-on systems such as [[blocks:sso:adfs|Active Directory]] or [[blocks:sso:okta|OKTA]]. | Specifies advanced authentication and authorization options. The settings shown above correspond to the defaults if no auth section is provided. In most cases, you don't need to specify these settings. If you specify the //internalForm// authorization method, a "Log Out" command will be added to Blocks' Page menu, allowing you to explicitly log out. The OidcClient setting allows for integration with single-sign-on systems such as [[blocks:sso:adfs|Active Directory]] or [[blocks:sso:okta|OKTA]]. |
| |
| :!: **IMPORTANT**: While the //internalForm// method provides log-out functionality, it also sends all authoriztion credentials, including your password, as clear text. The default //internalDigest// method, while not providing any log-out functionality, avoids sending your password as clear text. When using Blocks on publicly accessible networks, you're strongly advised to use and only allow [[blocks:server:nginx|encrypted connection#https_domain_name_and_certificate]] (HTTPS) for all editing operations. | :!: **IMPORTANT**: While the //internalForm// method provides log-out functionality, it also sends authentication credentials, including your password, as clear text if used under HTTP. The default //internalDigest// method, while not providing any log-out functionality, avoids sending your password as clear text. When using Blocks on a publicly accessible network, you're strongly advised to use and only allow [[blocks:server:nginx#https_domain_name_and_certificate|encrypted HTTPS connection]] for all editing operations. |
| ==== Top level tftp item ==== | ==== Top level tftp item ==== |
| Specifies options for the built-in TFTP-server. This is intended for [[blocks:server:pxe-boot|network booting]] of PIXILAB Player. It accepts the following options: | Specifies options for the built-in TFTP-server. This is intended for [[blocks:server:pxe-boot|network booting]] of PIXILAB Player. It accepts the following options: |
| apiKeys: | apiKeys: |
| upload: "super-secret" # Value required as apiKey query parameter for uploads | upload: "super-secret" # Value required as apiKey query parameter for uploads |
| | spotSnap: "spot-screen-spy" # Value required as apiKey for viewing screenshots |
| customKey: "super-secret2" | customKey: "super-secret2" |
| </code> | </code> |
| |
| The //upload// key's value (if specified) will be used by Blocks' [[blocks:api:upload|file upload API]]. When specified, all uploads must add an //apiKey// query parameter to their URL, with the value specified for the //upload// key. | The //upload// key's value (if specified) will be used by Blocks' [[blocks:api:upload|file upload API]]. When specified, all uploads must add an //apiKey// query parameter to their URL, with the value specified for the //upload// key. |
| | |
| | The //spotSnap// key's value (if specified) will allow Blocks' [[blocks:api:spot-screenshot|Display Spot Screenshot API]] to be used from non-authenticated clients. This setting was added in Blocks 7.4. |
| |
| You can specify additional key/value pairs, as exemplified by the //customKey// key/value shown above. Such a key can then be applied to custom API endpoints decorated by @resource by also applying an @apiKey decorator, like this: | You can specify additional key/value pairs, as exemplified by the //customKey// key/value shown above. Such a key can then be applied to custom API endpoints decorated by @resource by also applying an @apiKey decorator, like this: |