-
Notifications
You must be signed in to change notification settings - Fork 0
/
base.ini
111 lines (88 loc) · 3.58 KB
/
base.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
[server]
; Should this server log to opcode's central audit system
opcode_audit = false
[identity]
cookie_key = identity
; How long (in seconds) before the session expires (15 minutes, OWASP low-value default))
activity_timeout = 900
; How long (in seconds) before the session expires if the session isn't for a logged in user (15 minutes, OWASP low-value default))
anonymous_activity_timeout = 900
; How long (in seconds) before the session expires regardless of activity (1 day)
session_timeout = 86400
; How long (in seconds) before the cookie expires (default on browser close)
cookie_expiry =
; No access from javascript to the cookie
http_only = true
; Default to all current domain/all paths
domain =
path = /
[security]
; Whether to add puffer cookie to mitigate CRIME
puffer_headers = true
; Whether to add puffer content to mitigate BREACH
puffer_response = true
; Whether to shadow CSRF secrets in-page to mitigate BREACH
shadow_csrf = true
; Whether to deny framing, restrict to same origin, or any
frames = sameorigin
; Whether to inform users with disabled accounts who try to log in, that their
; account is disabled (as opposed to saying "incorrect email/password")
reveal_disabled_accounts = false
; What URL the login page is at. By default it's at /auth/login, but if an app
; makes its own endpoint for login, change this
login_url = /auth/login
[features]
; In this section, you can add flags for various application features that you
; want to enable/disable between deployments. These are not trex features, they're
; up to you. You can get at these values within the app like so:
;
; if app.has_feature('name'):
; # code to run if the feature is enabled
;
; Or in the templates like this:
;
; {% if has_feature('name') %}
; {# stuff to display if the feature is enabled
; {% endif %}
[mail]
; The default service to use when sending email (either postmark or sendgrid)
default_service = postmark
; When sending, if the 'to' address matches this regex, don't actually send it
ignore_send_regex =
[trex]
; When users enter their email for password resets, do we tell them if no account exists
notify_user_of_invalid_email_on_recovery_attempt = false
; What version of bootstrap this site uses
bootstrap_version = 3
; After a WSGI reload happens, ping this url to reload the server.
; The request will go to this url, and have a Host header of the app URL. This
; allows you to deploy to a cluster by setting this url to http://localhost/.
deploy_ping_url = http://localhost/
[quantum]
; Date formats for the 'quantum' filter. The config value for 'format_foo' is
; available in templates as {{ my_date | quantum('foo') }}. These values are
; passed to strftime
format_date = %-e %b %Y
format_date_full = %-e %B %Y
format_time = %H:%M
format_time_12h = %l:%M%P
format_datetime = %-e %b %Y %H:%M
format_datetime_12h = %-e %B %Y %l:%M%P
[papertrail]
log_to_papertrail = False
host = logs.papertrailapp.com
# port =
; The authentication bucket for rate limiting
[ratelimit_authentication]
; How many requests are allowed to fail from an IP in the given window size
allowed_failures = 10
; How large the window is, in seconds. For relevant requests, if more than allowed_failures happen from an IP in
; window_size, the request will immediately fail. Note that there is a cronjob that cleans up old entries in the
; rate limit buffer, with a hard-coded age after which entries are removed (currently 4 hours), so your window
; size cannot be longer than that.
window_size = 600
[cdn]
; Whether to allow CORS for CDN files
allow_cors = false
; What origins to allow CORS from
allow_cors_origin = *