# keep_web_download_url: https://download.uuid_prefix.arvadosapi.com/c=%{uuid_or_pdh}
keep_web_download_url: false
- # In "trust all content" mode, Workbench will redirect users to
- # keep-web even when that exposes XSS vulnerabilities.
+ # In "trust all content" mode, Workbench will redirect download
+ # requests to keep-web, even in the cases when keep-web would have
+ # to expose XSS vulnerabilities in order to handle the redirect.
#
- # When enabling this setting, the corresponding setting on the
- # keep-web server must also be enabled.
+ # When enabling this setting, the -trust-all-content flag on the
+ # keep-web server must also be enabled. For more detail, see
+ # https://godoc.org/github.com/curoverse/arvados/services/keep-web
+ #
+ # This setting has no effect in the recommended configuration, where
+ # the host part of keep_web_url begins with %{uuid_or_pdh}: in this
+ # case XSS protection is provided by browsers' same-origin policy.
+ #
+ # The default setting (false) is appropriate for a multi-user site.
trust_all_content: false
+
+ # Maximum number of historic log records of a running job to fetch
+ # and display in the Log tab, while subscribing to web sockets.
+ running_job_log_records_to_fetch: 2000
projects / arvados.git / blobdiff