The routing configuration defined in the xs-app.json file contains the properties used by the application router.
The following example of an xs-app.json application descriptor shows the JSON-compliant syntax required and the properties that either must be set or can be specified as an additional option.
{ "welcomeFile": "index.html", "authenticationMethod": "route", "sessionTimeout": 10, "pluginMetadataEndpoint": "/metadata", "routes": [ { "source": "^/sap/ui5/1(.*)$", "target": "$1", "destination": "ui5", "csrfProtection": false }, { "source": "/employeeData/(.*)", "target": "/services/employeeService/$1", "destination": "employeeServices", "authenticationType": "xsuaa", "scope": ["$XSAPPNAME.viewer", "$XSAPPNAME.writer"], "csrfProtection": true }, { "source": "^/(.*)$", "target": "/web/$1", "localDir": "static-content", "replace": { "pathSuffixes": ["/abc/index.html"], "vars": ["NAME"] }, { "source": "^/user-api(.*)", "target": "$1", "service": "sap-approuter-userapi" } } ], "login": { "callbackEndpoint": "/custom/login/callback" }, "logout": { "logoutEndpoint": "/my/logout", "logoutPage": "/logout-page.html" }, "destinations": { "employeeServices": { "logoutPath": "/services/employeeService/logout", "logoutMethod": "GET" } }, "responseHeaders" : [ {"name": "Content-Security-Policy", "value": "default-src 'self'"} ], "compression": { "minSize": 2048 }, "whitelistService": { "endpoint": "/whitelist/service" }, "websockets": { "enabled": true }, "errorPage": [ {"status": [400,401,402], "file": "/custom-err-4xx.html"}, {"status": 501, "file": "/custom-err-501.html"} ] }
The following table lists the properties that either must be set or can be specified as an additional option. Click on the links for information for each property:
|
Property |
Type |
Description |
|---|---|---|
|
String |
The Web page served by default if the HTTP request does not include a specific path, for example, index.html. |
|
|
String |
The method used to authenticate user requests, for example: “route” or “none” (no authentication). |
|
|
Number |
Define the amount of time (in minutes) for which a session can remain inactive before it closes automatically (times out); the default time out is 15 minutes.
|
|
|
Array |
Defines all route objects, for example: |
|
|
Object |
A redirect to the application router at a specific endpoint takes place during OAuth2 authentication with the User Account and Authentication service (UAA). |
|
|
Object |
You can define any options that apply if you want your application to have central log out end point. |
|
|
Object |
Specify any additional options for your destinations. |
|
|
Object |
Specify options for a service in your application. |
|
|
Array |
Add custom response headers to your application. |
|
|
Object |
The |
|
|
String |
Adds an endpoint that serves a JSON string representing all configured plugins. |
|
|
Object |
Enable the allowlist service to help preventing click-jacking attacks. |
|
|
Object |
The application router can forward web-socket communication. Web-socket communication must be enabled in the application router configuration. |
|
|
Array |
Errors originating in the application router show the HTTP status code of the error. It is possible to display a custom error page using the |
Related Information