Permissions

Manage authorization permissions for authenticated models.

To add a new permission, click on the add permission button (), insert the permission name and confirm the insertion.

Each row will display permissions for the corresponding model.

You may optionally attach roles to each permission. Attached roles always hold the permission they are attached to.

To view and optionally detach a role, click on the attached roles button (). From the list, click on the detach button () to detach the role from the current permission.

To delete the current role, click on the delete role button () and confirm the deletion.


Roles

Manage authorization roles for authenticated models.

To add a new role, click on the add role button (), insert the role name and confirm the insertion.

Each row will display roles for the corresponding model.

You may optionally give permissions to each role. This means that the current role will always have the given permissions.

To view and optionally revoke a permission, click on the given permissions button (). From the list, click on the revoke button () to revoke the permission from the current role.

To delete the current permission, click on the delete permission button () and confirm the deletion.


CSP Directives

Manage Content Security Policy directives.

You may want to include CSP directives in the project responses to prevent the exploitation of cross-site scripting vulnerabilities (XSS attacks).

Add a new directive by clicking the () Add Directive button and selecting the desired directive from the list.

Each directive can have multiple values.

Add a value to a directive by clicking on the add value button (), then either select a predefined value from the list or insert a custom value, and confirm the insertion.

To delete a single value, click on the delete value button () and confirm deletion.

Delete an entire directive by clicking on the delete directive button () and confirming the deletion.


Nonce

Add a nonce source to the script-src-elem directive.

You may optionally want to have a nonce constraint on the <script> tags in your HTML pages. This directive will tell Hatthi to generate code to support that requirement by adding the nonce attribute on those elements.

To enable this feature, check the nonce option.

For more information about nonces, click on the info button.
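How the two pieces described above fit together, as an added illustration that is not Hatthi's own code: a directive map with one or more values per directive is serialised into a Content-Security-Policy header, and when the nonce option is on, a fresh per-response nonce is appended to script-src-elem and stamped onto every <script> tag. The directive map, function names and the sample HTML are constructed for this example.

```python
import re
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed sample of what the CSP Directives screen manages: each directive
# carries one or more values. CSP keyword sources ('self', 'none', ...) must be
# single-quoted; host and scheme sources must not.
CSP_DIRECTIVES: Dict[str, List[str]] = {
    "default-src": ["'self'"],
    "script-src-elem": ["'self'", "https://cdn.example.com"],
    "object-src": ["'none'"],
}

# Matches a <script ...> opening tag that does not already carry a nonce attribute.
SCRIPT_TAG = re.compile(r"<script\b(?![^>]*\bnonce=)", re.IGNORECASE)


def new_nonce() -> str:
    """Fresh, unguessable nonce (128 bits); it must differ for every response."""
    return secrets.token_urlsafe(16)


def build_csp_header(directives: Dict[str, List[str]], nonce: Optional[str] = None) -> str:
    """Serialise the directive map; with a nonce, add 'nonce-<value>' to script-src-elem."""
    nonce_source = f"'nonce-{nonce}'" if nonce else None
    parts, seen_script_elem = [], False
    for name, values in directives.items():
        values = list(values)
        if nonce_source and name == "script-src-elem":
            values.append(nonce_source)
            seen_script_elem = True
        parts.append(f"{name} {' '.join(values)}")
    if nonce_source and not seen_script_elem:  # nonce enabled but directive not configured
        parts.append(f"script-src-elem {nonce_source}")
    return "; ".join(parts)


def add_nonce_to_scripts(html: str, nonce: str) -> str:
    """Stamp the nonce attribute on every <script> element that lacks one."""
    return SCRIPT_TAG.sub(f'<script nonce="{nonce}"', html)


def render(directives: Dict[str, List[str]], html: str, nonce_enabled: bool) -> Tuple[Dict[str, str], str]:
    """Produce the response headers and body; the nonce is generated per call."""
    nonce = new_nonce() if nonce_enabled else None
    headers = {"Content-Security-Policy": build_csp_header(directives, nonce)}
    body = add_nonce_to_scripts(html, nonce) if nonce else html
    return headers, body
```

Because the nonce is minted per response, pages that carry one must not be served from a shared cache, or every visitor would receive the same value.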


Rate Limiters

Set a rate limit on some or all of your routes, route groups or subdomains.

Rate limiters allow you to define a limit on the number of requests allowed within a given period of time.

Each limiter has a name. You may specify one or more subdomains, route groups or routes on which to apply the limit.

Constrained subdomains, routes and route groups can be deleted by clicking on the delete constraint button ().

Next, define how many requests are allowed at most in a certain period of time, expressed in minutes (m), hours (h) or days (d).

You may optionally segment a limiter so that unauthenticated and authenticated users get different values.

By clicking the delete button () and confirming the action, the limiter will be removed.


Basic Security Options

Easily manage basic security options.

By default, all three options are enabled.

The CSRF protection protects your project against Cross-Site Request Forgery attacks.

Input Trimming will trim all input fields of incoming requests to ensure there are no leading or trailing spaces.

Finally, Input Normalization will convert empty input fields in incoming requests to a null value.

Each of these options can be disabled for the whole project by unchecking the corresponding icon, or excluded for specific routes only.

To remove an excluded route, click the delete () button.