Spotfire® Server and Environment Security

Configuration File Settings for Spotfire Web Player

These tables provide information about the configuration files for Spotfire Web Player and its interactions with Spotfire Server and Spotfire Automation Services using APIs.

Table 1. Spotfire.Dxp.Worker.Web.config

For more information, see Spotfire.Dxp.Worker.Web.config help.

| Setting | Default value | Description |
| --- | --- | --- |
| /javascriptApi `<javaScriptApi enabled="true" domain="domain1.com,domain2.com">` | JavaScript API enabled, all domains allowed | Controls whether the JavaScript API is enabled, and from which domains it can be used. A non-empty domain whitelist means that only the listed domains can embed Spotfire files in their web sites using the JavaScript API. The list is a comma-separated list of domain names. |
| /analysis/inactivityTimeout | 2 hours | Timeout for inactive analyses. A Spotfire file is closed after the inactivityTimeout is reached. In practice, a session timeout is not shorter than the inactivityTimeout value because an open analysis file in a web browser continuously renews the session, so the session timeout is not met. The session timeout starts counting only after the session has no open files left and the user session is not actively connected to Spotfire Server. This design ensures that every HTTP request renews the session. |

Table 2. Spotfire.Dxp.Worker.Core.config

This configuration file specifies settings for the service's communication with Spotfire Server, and whether sections in configuration files should be encrypted. For more information, see Spotfire.Dxp.Worker.Core.config help.

| Setting | Default value | Description |
| --- | --- | --- |
| /cryptography@encryptConfigurationSections | true | Set to true to encrypt sections of configuration files containing sensitive information. |
| /cryptography@DataProtectionConfigurationProvider | DataProtectionConfigurationProvider | On Windows: By default, the DataProtectionConfigurationProvider uses the Windows Data Protection API (DPAPI) to encrypt sections of the configuration with a machine-specific secret key, which means that the encrypted sections can only be decrypted on the same machine that the service is running on. See Encrypting Configuration Information Using Protected Configuration for more information. On Linux: Our own provider is used. |

Table 3. Spotfire.Dxp.Worker.Host.exe.config or Spotfire.Dxp.Worker.Host.dll.config

Spotfire.Dxp.Worker.Host.exe.config is the configuration file for both Spotfire Web Player and Spotfire Automation Services on Windows. When running on Linux, the config file is called Spotfire.Dxp.Worker.Host.dll.config. See Spotfire.Dxp.Worker.Host.exe.config file and Spotfire.Dxp.Worker.Host.dll.config help for more information.

| Setting | Default value | Description |
| --- | --- | --- |
| /Spotfire.Dxp.Internal.Properties.Settings/AllowedTlsVersions | Tls, Tls11, Tls12 | Determines which versions of the TLS security protocol are allowed. Specify the values separated by a comma (","). For information about the possible values for this setting, refer to the .NET enum SecurityProtocolType. If you leave the value for this setting blank, the allowed TLS versions are set to SystemDefault. If you remove the setting from the configuration file, the allowed TLS versions are set to the default value. |
| /Spotfire.Dxp.Data.Properties.Settings/AllowedFilePaths | Empty | A list of directories that Spotfire Web Player or Spotfire Automation Services are allowed to use as file data sources. Add only approved network shares or other paths that contain files that should be possible to load in a Spotfire file. For security reasons, you should not add entire drive letters such as C:\ because that would allow Spotfire users to read local files from the Spotfire Web Player service. Note: The names are checked in a case-insensitive manner. |
| /system.net/defaultProxy | | On Windows: If Spotfire Web Player or Spotfire Automation Services should use a proxy server to reach internal and external networks, one can be enabled in this file. |
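
An added example, not part of the Spotfire documentation: a Python audit of the AllowedTlsVersions and AllowedFilePaths settings described above, flagging protocol names older than TLS 1.2 and whole-drive entries. The embedded XML is constructed, and its setting/value layout (the usual .NET applicationSettings shape) and the function names are assumptions, so compare against your real file.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The <setting>/<value> layout is the usual .NET
# applicationSettings shape and is an assumption about the real file.
SAMPLE_CONFIG = r"""<configuration><applicationSettings>
  <Spotfire.Dxp.Internal.Properties.Settings>
    <setting name="AllowedTlsVersions" serializeAs="String">
      <value>Tls, Tls11, Tls12</value></setting>
  </Spotfire.Dxp.Internal.Properties.Settings>
  <Spotfire.Dxp.Data.Properties.Settings>
    <setting name="AllowedFilePaths" serializeAs="Xml"><value><ArrayOfString>
      <string>C:\</string>
      <string>\\fileserver\approved\spotfire</string>
    </ArrayOfString></value></setting>
  </Spotfire.Dxp.Data.Properties.Settings>
</applicationSettings></configuration>"""

LEGACY_TLS = {"ssl3", "tls", "tls11"}  # SecurityProtocolType names below TLS 1.2
SHIPPED_DEFAULT = "Tls, Tls11, Tls12"  # default value stated on this page
DRIVE_ROOT = re.compile(r"^[A-Za-z]:[\\/]*$")  # C:, C:\, c:/ (any letter case)

def _setting(root, section, name):
    # Hypothetical helper: find <section>/<setting name="..."> anywhere in the file.
    return root.find(f".//{section}/setting[@name='{name}']")

def audit_host_config(xml_text):
    """Return a list of findings for the two Host config settings."""
    root = ET.fromstring(xml_text)
    findings = []
    tls = _setting(root, "Spotfire.Dxp.Internal.Properties.Settings", "AllowedTlsVersions")
    # Removed setting -> default value; blank value -> SystemDefault (per the page).
    raw = SHIPPED_DEFAULT if tls is None else (tls.findtext("value") or "").strip()
    if not raw:
        findings.append("AllowedTlsVersions is blank: SystemDefault applies")
    for version in filter(None, (part.strip() for part in raw.split(","))):
        if version.lower() in LEGACY_TLS:
            findings.append(f"AllowedTlsVersions allows legacy protocol {version}")
    paths = _setting(root, "Spotfire.Dxp.Data.Properties.Settings", "AllowedFilePaths")
    for node in (paths.iter("string") if paths is not None else ()):
        path = (node.text or "").strip()
        if DRIVE_ROOT.match(path):
            findings.append(f"AllowedFilePaths exposes an entire drive: {path}")
    return findings

if __name__ == "__main__":
    for finding in audit_host_config(SAMPLE_CONFIG):
        print(finding)
```
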