From 938f65d8fa1d6dd60e70442c7b55c88b7465cb00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C5=BEe=20Fortun?= Date: Tue, 1 Oct 2024 09:56:14 +0200 Subject: [PATCH] Add privacy to the .env.example HTTP_WEBAPP_LIST --- server/.env.example | 92 ++++++++++++++++++++++----------------------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/server/.env.example b/server/.env.example index 80b3d16f5..d34888a1a 100644 --- a/server/.env.example +++ b/server/.env.example @@ -33,7 +33,7 @@ ############################################################################### # Allow insecure (invalid, expired TLS/SSL certificates) connections. -# +# # [IMPORTANT] # ==== # We strongly recommend keeping this value set to false except for local development or demos. @@ -171,8 +171,8 @@ ############################################################################### # Type: string -# Default: admin,compose,workflow,reporter -# HTTP_WEBAPP_LIST=admin,compose,workflow,reporter +# Default: admin,compose,workflow,reporter,privacy +# HTTP_WEBAPP_LIST=admin,compose,workflow,reporter,privacy ############################################################################### # Is SSL termination enabled in ingres, proxy or load balancer that is in front of Corteza? @@ -203,7 +203,7 @@ ############################################################################### # Password for the web console endpoint. When running in dev environment, password is not required. -# +# # Corteza intentionally sets default password to random chars to prevent security incidents. # Type: string # Default: 
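Review bot: The `# Default: admin,compose,workflow,reporter,privacy` line in the HTTP_WEBAPP_LIST hunk (`@@ -171,8 +171,8 @@`) documents a default that this patch changes nowhere else; the diffstat shows only server/.env.example touched. Because the assignment itself stays commented out, an operator who copies the example still gets the server's built-in default, so confirm that default already includes `privacy`; otherwise the comment misstates which web apps an unset variable serves, which matters when auditing exposed endpoints. If the built-in default is unchanged, either update it in the same change or leave the `Default:` line as it was and change only the example value, `# HTTP_WEBAPP_LIST=admin,compose,workflow,reporter,privacy`. The other 44 changed line pairs appear only to strip trailing whitespace after `#`; moving them to a separate commit would keep the one functional change easy to review.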
@@ -290,7 +290,7 @@ # Email sending # # Configure your local SMTP server or use one of the available providers. -# +# # These values are copied to settings when the server starts and can be managed from the administration console. # We recommend you remove these values after they are copied to settings. # If server detects difference between these options and settings, it shows a warning in the log on server start. @@ -430,7 +430,7 @@ ############################################################################### # Password security allows you to disable constraints to which passwords must conform to. -# +# # [CAUTION] # ==== # Disabling password security can be useful for development environments as it removes the need for complex passwords. @@ -442,12 +442,12 @@ ############################################################################### # Algoritm to be use for JWT signature. -# +# # Supported valus: # - HS256, HS384, HS512 # - PS256, PS384, PS512, # - RS256, RS384, RS512 -# +# # Provide shared secret string for HS256, HS384, HS512 and full private key or path to the file PS* and RS* algorithms. # Type: string # Default: HS512 @@ -456,7 +456,7 @@ ############################################################################### # Secret used for signing JWT tokens. # Value is used only when HS256, HS384 or HS512 algorithm is used. -# +# # [IMPORTANT] # ==== # If secret is not set, system auto-generates one from DB_DSN and HOSTNAME environment variables. @@ -480,7 +480,7 @@ ############################################################################### # Lifetime of the refresh token. Should be much longer than lifetime of the access token. -# +# # Refresh tokens are used to exchange expired access tokens with new ones. # Type: time.Duration # Default: 72h 
@@ -488,7 +488,7 @@ ############################################################################### # Redirect URL to be sent with OAuth2 authentication request to provider -# +# # `provider` placeholder is replaced with the actual value when used. # Type: string # Default: @@ -496,7 +496,7 @@ ############################################################################### # Secret used for securing cookies -# +# # [IMPORTANT] # ==== # If secret is not set, system auto-generates one from DB_DSN and HOSTNAME environment variables. @@ -539,21 +539,21 @@ ############################################################################### # Maximum time user is allowed to stay idle when logged in without "remember-me" option and before session is expired. -# +# # Recomended value is between an hour and a day. -# +# # [IMPORTANT] # ==== # This affects only profile (/auth) pages. Using applications (admin, compose, ...) does not prolong the session. # ==== -# +# # Type: time.Duration # Default: 24h # AUTH_SESSION_LIFETIME=24h ############################################################################### # Duration of the session in /auth lasts when user logs-in with "remember-me" option. -# +# # If set to 0, "remember-me" option is removed. # Type: time.Duration # Default: 8640h @@ -580,7 +580,7 @@ ############################################################################### # Secret used for securing CSRF protection -# +# # [IMPORTANT] # ==== # If secret is not set, system auto-generates one from DB_DSN and HOSTNAME environment variables. 
@@ -610,19 +610,19 @@ ############################################################################### # Handle for OAuth2 client used for automatic redirect from /auth/oauth2/go endpoint. -# +# # This simplifies configuration for OAuth2 flow for Corteza Web applications as it removes # the need to suply redirection URL and client ID (oauth2/go endpoint does that internally) -# +# # Type: string # Default: corteza-webapp # AUTH_DEFAULT_CLIENT=corteza-webapp ############################################################################### # Path to js, css, images and template source files -# +# # When corteza starts, if path exists it tries to load template files from it. -# +# # When empty path is set (default value), embedded files are used. # Type: string # Default: @@ -631,7 +631,7 @@ ############################################################################### # When enabled, corteza reloads template before every execution. # Enable this for debugging or when developing auth templates. -# +# # Should be disabled in production where templates do not change between server restarts. # Type: bool # Default: @@ -640,7 +640,7 @@ ############################################################################### # When set, Corteza creates one or more users with the configured values using provided email as a password. # It skips existing (email, handle). All new users are assigned to all bypass roles. -# +# # When set in production, Corteza stops and reports an error # Type: string # Default: 
@@ -818,16 +818,16 @@ ############################################################################### # List of compa delimited languages (language tags) to enable. # In case when an enabled language can not be loaded, error is logged. -# +# # When loading language configurations (config.xml) from the configured path(s). -# +# # Type: string # Default: en # LOCALE_LANGUAGES=en ############################################################################### # One or more paths to locale config and translation files, separated by colon -# +# # When with LOCALE_DEVELOPMENT_MODE=true, default value for path is ../../locale # Type: string # Default: @@ -837,7 +837,7 @@ # Name of the query string parameter used to pass the language tag (it overrides Accept-Language header). # Set it to empty string to disable detection from the query string. # This parameter is ignored if only one language is enabled -# +# # Type: string # Default: lng # LOCALE_QUERY_STRING_PARAM=lng @@ -868,9 +868,9 @@ ############################################################################### # Disables json format for logging and enables more human-readable output with colors. -# +# # Disable for production. -# +# # Type: bool # Default: # LOG_DEBUG= @@ -878,11 +878,11 @@ ############################################################################### # Minimum logging level. If set to "warn", # Levels warn, error, dpanic panic and fatal will be logged. -# +# # Recommended value for production: warn -# +# # Possible values: debug, info, warn, error, dpanic, panic, fatal -# +# # Type: string # Default: warn # LOG_LEVEL=warn 
@@ -890,25 +890,25 @@ ############################################################################### # Log filtering rules by level and name (log-level:log-namespace). # Please note that level (LOG_LEVEL) is applied before filter and it affects the final output! -# +# # Leave unset for production. -# +# # Example: # `warn+:* *:auth,workflow.*` # Log warnings, errors, panic, fatals. Everything from auth and workflow is logged. -# -# +# +# # See more examples and documentation here: https://github.com/moul/zapfilter -# +# # Type: string # Default: # LOG_FILTER= ############################################################################### # Set to true to see where the logging was called from. -# +# # Disable for production. -# +# # Type: bool # Default: # LOG_INCLUDE_CALLER= @@ -916,9 +916,9 @@ ############################################################################### # Include stack-trace when logging at a specified level or below. # Disable for production. -# +# # Possible values: debug, info, warn, error, dpanic, panic, fatal -# +# # Type: string # Default: dpanic # LOG_STACKTRACE_LEVEL=dpanic @@ -1013,11 +1013,11 @@ # # Provisioning allows you to configure a {PRODUCT_NAME} instance when deployed. # It occurs automatically after the {PRODUCT_NAME} server starts. -# +# # [IMPORTANT] # ==== # We recommend you to keep provisioning enabled as it simplifies version updates by updating the database and updating settings. -# +# # If you're doing local development or some debugging, you can disable this. # ==== # @@ -1043,7 +1043,7 @@ # ==== # These parameters help in the development and testing process. # When you are deploying to production, these should be disabled to improve performance and reduce storage usage. -# +# # You should configure external services such as Sentry or ELK to keep track of logs and error reports. # ==== # 
@@ -1149,7 +1149,7 @@ # Delay system startup # # You can configure these options to defer API execution until another external (HTTP) service is up and running. -# +# # [ TIP ] # ==== # Delaying API execution can come in handy in complex setups where execution order is important. @@ -1173,7 +1173,7 @@ ############################################################################### # Space delimited list of hosts and/or URLs to probe. # Host format: `host` or `host:443` (port will default to 80). -# +# # [NOTE] # ==== # Services are probed in parallel.