ActiveTransfer Server 10.15 | webMethods ActiveTransfer Documentation | Administering ActiveTransfer Server | Server Configuration Parameters and Variables | Security Configuration Parameters | mft.web.security
 
mft.web.security
This section describes the web security parameter that you can configure to make the ActiveTransfer web client more secure.
mft.web.security.httpOnly
Specifies if the httpOnly header is added to all HTTP requests from ActiveTransfer Web client. The default is false.
mft.server.http.header.verification.enable
ActiveTransfer web client supports a set of white listed HTTP headers which can be added to the installation_dir\IntegrationServer\instances\default\packages\WmMFT\config\headers.txt file. This header check can now be disabled by setting this property to false. The default value of this property is true.
mft.web.security.sameSite
Specifies if sameSite header is added to all HTTP requests from ActiveTransfer Web client. The default value is false.
mft.web.security.csrf
Specifies if CSRF header is added to all HTTP requests from ActiveTransfer Web client. The default value is false.
Note:
This property is available with ActiveTransfer 9.7 Fix 3 or later.