<!DOCTYPE html>
|
|
<html lang="en-US">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
<title>Configuration | Strapi Docs</title>
|
|
<meta name="description" content="API creation made simple, secure and fast.">
|
|
|
|
|
|
<link rel="preload" href="/documentation/assets/css/styles.a8210063.css" as="style"><link rel="preload" href="/documentation/assets/js/app.a8210063.js" as="script"><link rel="preload" href="/documentation/assets/js/8.dc78e1c2.js" as="script"><link rel="prefetch" href="/documentation/assets/js/28.9b077c15.js"><link rel="prefetch" href="/documentation/assets/css/1.styles.77d89b12.css"><link rel="prefetch" href="/documentation/assets/js/1.77d89b12.js"><link rel="prefetch" href="/documentation/assets/css/2.styles.08038ddb.css"><link rel="prefetch" href="/documentation/assets/js/2.08038ddb.js"><link rel="prefetch" href="/documentation/assets/js/3.4d92d5e3.js"><link rel="prefetch" href="/documentation/assets/js/4.385ae6a0.js"><link rel="prefetch" href="/documentation/assets/js/5.edd21cb3.js"><link rel="prefetch" href="/documentation/assets/js/6.fd6e4b24.js"><link rel="prefetch" href="/documentation/assets/js/7.e1f45fa9.js"><link rel="prefetch" href="/documentation/assets/js/9.fd6a21e6.js"><link rel="prefetch" href="/documentation/assets/js/10.f9e7d997.js"><link rel="prefetch" href="/documentation/assets/js/11.bfb9de0f.js"><link rel="prefetch" href="/documentation/assets/js/12.124227d1.js"><link rel="prefetch" href="/documentation/assets/js/13.d8092700.js"><link rel="prefetch" href="/documentation/assets/js/14.7cfd4cb8.js"><link rel="prefetch" href="/documentation/assets/js/15.55a20f7c.js"><link rel="prefetch" href="/documentation/assets/js/16.5c84c402.js"><link rel="prefetch" href="/documentation/assets/js/17.1c93d494.js"><link rel="prefetch" href="/documentation/assets/js/18.e1f1758f.js"><link rel="prefetch" href="/documentation/assets/js/19.8d1b00cd.js"><link rel="prefetch" href="/documentation/assets/js/20.856d7bdd.js"><link rel="prefetch" href="/documentation/assets/js/21.6f851286.js"><link rel="prefetch" href="/documentation/assets/js/22.7ddb4e1d.js"><link rel="prefetch" href="/documentation/assets/js/23.15e5a0c3.js"><link rel="prefetch" 
href="/documentation/assets/js/24.6fdf34d0.js"><link rel="prefetch" href="/documentation/assets/js/25.21c9a549.js"><link rel="prefetch" href="/documentation/assets/js/26.6608295c.js"><link rel="prefetch" href="/documentation/assets/js/27.2c9596ea.js"><link rel="prefetch" href="/documentation/assets/js/29.8ea8ecc1.js"><link rel="prefetch" href="/documentation/assets/js/30.5d2829b8.js"><link rel="prefetch" href="/documentation/assets/js/31.fad00a3a.js"><link rel="prefetch" href="/documentation/assets/js/32.a6900221.js"><link rel="prefetch" href="/documentation/assets/js/33.bbfb3084.js"><link rel="prefetch" href="/documentation/assets/js/34.0eb2f8aa.js"><link rel="prefetch" href="/documentation/assets/js/35.76c29241.js"><link rel="prefetch" href="/documentation/assets/js/36.dfcc07a1.js"><link rel="prefetch" href="/documentation/assets/js/37.173a8112.js"><link rel="prefetch" href="/documentation/assets/js/38.b86fac79.js"><link rel="prefetch" href="/documentation/assets/js/39.a7d50afe.js"><link rel="prefetch" href="/documentation/assets/js/40.0415492d.js"><link rel="prefetch" href="/documentation/assets/js/41.5ef681df.js"><link rel="prefetch" href="/documentation/assets/js/42.fdd80522.js"><link rel="prefetch" href="/documentation/assets/js/43.03b496f2.js"><link rel="prefetch" href="/documentation/assets/js/44.3f55a367.js"><link rel="prefetch" href="/documentation/assets/js/45.6746c3dc.js"><link rel="prefetch" href="/documentation/assets/js/46.ff6bc353.js"><link rel="prefetch" href="/documentation/assets/js/47.53b7147a.js"><link rel="prefetch" href="/documentation/assets/js/48.31a883aa.js"><link rel="prefetch" href="/documentation/assets/js/49.18bd1a60.js"><link rel="prefetch" href="/documentation/assets/js/50.9b6079cd.js"><link rel="prefetch" href="/documentation/assets/js/51.b67aee1b.js"><link rel="prefetch" href="/documentation/assets/js/52.62bc63b6.js"><link rel="prefetch" href="/documentation/assets/js/53.2c567c55.js"><link rel="prefetch" 
href="/documentation/assets/js/54.6cc10d25.js"><link rel="prefetch" href="/documentation/assets/js/55.7faca13f.js"><link rel="prefetch" href="/documentation/assets/js/56.0b06ad54.js"><link rel="prefetch" href="/documentation/assets/js/57.a87c48df.js"><link rel="prefetch" href="/documentation/assets/js/58.1c6547d9.js"><link rel="prefetch" href="/documentation/assets/js/59.06f908d7.js"><link rel="prefetch" href="/documentation/assets/js/60.b5156b8d.js"><link rel="prefetch" href="/documentation/assets/js/61.1d5cafa9.js"><link rel="prefetch" href="/documentation/assets/js/62.ccacebe2.js"><link rel="prefetch" href="/documentation/assets/js/63.66946dde.js"><link rel="prefetch" href="/documentation/assets/js/64.d53bdeb7.js"><link rel="prefetch" href="/documentation/assets/js/65.0cd2da1f.js"><link rel="prefetch" href="/documentation/assets/js/66.03059dce.js"><link rel="prefetch" href="/documentation/assets/js/67.6f988923.js"><link rel="prefetch" href="/documentation/assets/js/68.303c1a05.js"><link rel="prefetch" href="/documentation/assets/js/69.3f4ed952.js"><link rel="prefetch" href="/documentation/assets/js/70.531d76be.js"><link rel="prefetch" href="/documentation/assets/js/71.ab3e74fc.js">
|
|
<link rel="stylesheet" href="/documentation/assets/css/styles.a8210063.css"><link rel="stylesheet" href="/documentation/assets/css/1.styles.77d89b12.css"><link rel="stylesheet" href="/documentation/assets/css/2.styles.08038ddb.css">
|
|
</head>
|
|
<body>
|
|
<div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/documentation/" class="home-link router-link-active"><!----> <span class="site-name">
|
|
Strapi Docs
|
|
</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"> <a href="https://github.com/strapi/strapi" target="_blank" rel="noopener noreferrer" class="repo-link">
|
|
GitHub
|
|
<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></nav></div></header> <div class="sidebar-mask"></div> <div class="sidebar"><nav class="nav-links"> <a href="https://github.com/strapi/strapi" target="_blank" rel="noopener noreferrer" class="repo-link">
|
|
GitHub
|
|
<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a></nav> <div><select class="version-selector"><option value="/3.x.x/">Version 3.x.x</option><option value="/1.x.x/" selected="selected">Version 1.x.x</option></select></div> <ul class="sidebar-links"><li><div class="sidebar-group first"><p class="sidebar-heading open"><span>UsefulLinks</span> <!----></p> <ul class="sidebar-group-items"><li><a href="/documentation/1.x.x/" class="sidebar-link">Introduction</a></li><li><a href="https://strapi.io" class="sidebar-link">Strapi Website</a></li><li><a href="https://github.com/strapi/strapi" class="sidebar-link">GitHub Repository</a></li><li><a href="https://github.com/strapi/strapi/blob/master/CONTRIBUTING.md" class="sidebar-link">Contribution Guide</a></li></ul></div></li><li><a href="/documentation/1.x.x/admin.html" class="sidebar-link">Admin</a></li><li><a href="/documentation/1.x.x/configuration.html" class="active sidebar-link">Configuration</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/documentation/1.x.x/configuration.html#application-package" class="sidebar-link">Application package</a></li><li class="sidebar-sub-header"><a href="/documentation/1.x.x/configuration.html#global-settings" class="sidebar-link">Global settings</a></li><li class="sidebar-sub-header"><a href="/documentation/1.x.x/configuration.html#general-environment-settings" class="sidebar-link">General environment settings</a></li><li class="sidebar-sub-header"><a href="/documentation/1.x.x/configuration.html#request" class="sidebar-link">Request</a></li><li 
class="sidebar-sub-header"><a href="/documentation/1.x.x/configuration.html#response" class="sidebar-link">Response</a></li><li class="sidebar-sub-header"><a href="/documentation/1.x.x/configuration.html#databases" class="sidebar-link">Databases</a></li><li class="sidebar-sub-header"><a href="/documentation/1.x.x/configuration.html#security" class="sidebar-link">Security</a></li></ul></li><li><a href="/documentation/1.x.x/email.html" class="sidebar-link">Email</a></li><li><a href="/documentation/1.x.x/introduction.html" class="sidebar-link">Introduction</a></li><li><a href="/documentation/1.x.x/queries.html" class="sidebar-link">Query Interface</a></li><li><a href="/documentation/1.x.x/response.html" class="sidebar-link">Response</a></li><li><a href="/documentation/1.x.x/sessions.html" class="sidebar-link">Sessions</a></li><li><a href="/documentation/1.x.x/testing.html" class="sidebar-link">Testing</a></li><li><a href="/documentation/1.x.x/views.html" class="sidebar-link">Views</a></li><li><a href="/documentation/1.x.x/blueprints.html" class="sidebar-link">Blueprints</a></li><li><a href="/documentation/1.x.x/context.html" class="sidebar-link">Context</a></li><li><a href="/documentation/1.x.x/graphql.html" class="sidebar-link">GraphQL</a></li><li><a href="/documentation/1.x.x/logging.html" class="sidebar-link">Logging</a></li><li><a href="/documentation/1.x.x/router.html" class="sidebar-link">Router</a></li><li><a href="/documentation/1.x.x/upload.html" class="sidebar-link">Upload</a></li><li><a href="/documentation/1.x.x/cli.html" class="sidebar-link">CLI</a></li><li><a href="/documentation/1.x.x/customization.html" class="sidebar-link">Customization</a></li><li><a href="/documentation/1.x.x/internationalization.html" class="sidebar-link">Internationalization</a></li><li><a href="/documentation/1.x.x/models.html" class="sidebar-link">Models</a></li><li><a href="/documentation/1.x.x/request.html" class="sidebar-link">Request</a></li><li><a 
href="/documentation/1.x.x/services.html" class="sidebar-link">Services</a></li><li><a href="/documentation/1.x.x/users.html" class="sidebar-link">Users</a></li></ul> </div> <div class="page"><div class="content"><h1 id="configuration"><a href="#configuration" aria-hidden="true" class="header-anchor">#</a> Configuration</h1> <p>While Strapi dutifully adheres to the philosophy of convention-over-configuration,
|
|
it is important to understand how to customize those handy defaults from time to time.
|
|
For almost every convention in Strapi, there is an accompanying set of configuration
|
|
options that allow you to adjust or override things to fit your needs.</p> <p>Settings specified at the root directory will be available in all environments.</p> <p>If you'd like to have some settings take effect only in certain environments,
|
|
you can use the special environment-specific files and folders.
|
|
Any files saved under the <code>./config/environments/development</code> directory will be
|
|
loaded only when Strapi is started in the <code>development</code> environment.</p> <p>The built-in meaning of the settings in <code>strapi.config</code> is, in some cases,
|
|
only interpreted by Strapi during the <code>start</code> process. In other words, changing some
|
|
options at runtime will have no effect. To change the port your application is running on,
|
|
for instance, you can't just change <code>strapi.config.port</code>. You'll need to change or
|
|
override the setting in a configuration file or as a command-line argument,
|
|
then restart the server.</p> <h2 id="application-package"><a href="#application-package" aria-hidden="true" class="header-anchor">#</a> Application package</h2> <p><code>strapi.config</code> merges the user config from the <code>./config</code> directory with the <code>package.json</code>
|
|
of the application.</p> <p>The most important things in your <code>package.json</code> are the name and version fields.
|
|
Those are actually required, and your package won't install without them.
|
|
The name and version together form an identifier that is assumed to be completely unique.</p> <h3 id="application-name"><a href="#application-name" aria-hidden="true" class="header-anchor">#</a> Application name</h3> <p>The name of the application.</p> <ul><li>Key: <code>name</code></li> <li>Environment: all</li> <li>Location: <code>./package.json</code></li> <li>Type: <code>string</code></li></ul> <p>Notes:</p> <ul><li>The name must be shorter than 214 characters. This includes the scope for scoped packages.</li> <li>The name can't start with a dot or an underscore.</li> <li>New packages must not have uppercase letters in the name.</li> <li>The name ends up being part of a URL, an argument on the command line, and a folder name.
|
|
Therefore, the name can't contain any non-URL-safe characters.</li> <li>Don't use the same name as a core Node.js module.</li> <li>Don't put "js" or "node" in the name. It's assumed that it's JavaScript, since you're writing
|
|
a <code>package.json</code> file.</li> <li>The name will probably be passed as an argument to <code>require()</code>, so it should be something short,
|
|
but also reasonably descriptive. You may want to check the npm registry to see if there's something
|
|
by that name already, before you get too attached to it. https://www.npmjs.com/</li> <li>A name can be optionally prefixed by a scope, e.g. <code>@myorg/mypackage</code>.</li></ul> <h3 id="application-version"><a href="#application-version" aria-hidden="true" class="header-anchor">#</a> Application version</h3> <p>Changes to the package should come along with changes to the version.</p> <ul><li>Key: <code>version</code></li> <li>Environment: all</li> <li>Location: <code>./package.json</code></li> <li>Type: <code>string</code></li></ul> <p>Notes:</p> <ul><li>Version must be parseable by <code>node-semver</code>, which is bundled with npm as a dependency.</li></ul> <h3 id="application-description"><a href="#application-description" aria-hidden="true" class="header-anchor">#</a> Application description</h3> <p>The description of your application helps people discover your package, as it's listed in <code>npm search</code>.</p> <ul><li>Key: <code>description</code></li> <li>Environment: all</li> <li>Location: <code>./package.json</code></li> <li>Type: <code>string</code></li></ul> <h2 id="global-settings"><a href="#global-settings" aria-hidden="true" class="header-anchor">#</a> Global settings</h2> <h3 id="public-assets"><a href="#public-assets" aria-hidden="true" class="header-anchor">#</a> Public assets</h3> <p>Public assets refer to static files on your server that you want to make accessible to the
|
|
outside world. In Strapi, these files are placed in the <code>./public</code> directory.</p> <p>Strapi is compatible with any front-end strategy; whether it's Angular, Backbone, Ember,
|
|
iOS, Android, Windows Phone, or something else that hasn't been invented yet.</p> <ul><li><p>Key: <code>static</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/general.json</code></p></li> <li><p>Type: <code>boolean</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"static"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the public assets.</li></ul> <h3 id="views"><a href="#views" aria-hidden="true" class="header-anchor">#</a> Views</h3> <ul><li><p>Key: <code>views</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/general.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"views"</span><span class="token punctuation">:</span> <span class="token boolean">false</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>For more information, please refer to the <a href="http://strapi.io/documentation/views" target="_blank" rel="noopener noreferrer">views documentation<svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></a>.</p> <p>Options:</p> <ul><li><code>map</code>: Object mapping extension names to engine names.</li> <li><code>default</code>: Default extension name to use when missing.</li> <li><code>cache</code>: When <code>true</code> compiled template functions will be cached in-memory,
|
|
this prevents subsequent disk I/O, as well as the additional compilation step
|
|
that most template engines perform. By default this is enabled when the <code>NODE_ENV</code>
|
|
environment variable is anything but <code>development</code>, such as <code>stage</code> or <code>production</code>.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable views support.</li></ul> <h3 id="websockets"><a href="#websockets" aria-hidden="true" class="header-anchor">#</a> WebSockets</h3> <p>Socket.IO enables real-time bidirectional event-based communication.
|
|
It works on every platform, browser or device, focusing equally on reliability
|
|
and speed.</p> <p>By default Strapi binds Socket.IO and your common websockets features are
|
|
available using the <code>io</code> object.</p> <ul><li><p>Key: <code>websockets</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/general.json</code></p></li> <li><p>Type: <code>boolean</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"websockets"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable websockets with Socket.IO.</li></ul> <h3 id="favicon"><a href="#favicon" aria-hidden="true" class="header-anchor">#</a> Favicon</h3> <p>Set a favicon for your web application.</p> <ul><li><p>Key: <code>favicon</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/general.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"favicon"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"path"</span><span class="token punctuation">:</span> <span class="token string">"favicon.ico"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"maxAge"</span><span class="token punctuation">:</span> <span class="token number">86400000</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>path</code> (string): Relative path for the favicon to use from the application root directory.</li> <li><code>maxAge</code> (integer): Cache-control max-age directive, expressed in ms.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the favicon feature.</li></ul> <h3 id="api-prefix"><a href="#api-prefix" aria-hidden="true" class="header-anchor">#</a> API prefix</h3> <p>Prefix your API to avoid conflicts with your front-end if you have one, or if you need to
|
|
for some other reasons.</p> <ul><li><p>Key: <code>prefix</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/general.json</code></p></li> <li><p>Type: <code>string</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"prefix"</span><span class="token punctuation">:</span> <span class="token string">""</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>Leave an empty string if you don't want to prefix your API.</li> <li>The prefix must start with a <code>/</code>, e.g. <code>/api</code>.</li></ul> <h3 id="blueprints"><a href="#blueprints" aria-hidden="true" class="header-anchor">#</a> Blueprints</h3> <p>The blueprints are a set of useful actions containing all the logic you need to
|
|
create a clean RESTful API. The generated controllers and routes are automatically
|
|
plugged to the blueprint actions. Thanks to that, as soon as you generate a new API
|
|
from the CLI, you can enjoy a RESTful API without writing any line of code.</p> <ul><li><p>Key: <code>blueprints</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/general.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"blueprints"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"defaultLimit"</span><span class="token punctuation">:</span> <span class="token number">30</span><span class="token punctuation">,</span>
|
|
<span class="token string">"populate"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>defaultLimit</code> (integer): The maximum number of records to send back.</li> <li><code>populate</code> (boolean): If enabled, the population process fills out attributes
|
|
in the returned list of records according to the model's defined associations.</li></ul> <h3 id="i18n"><a href="#i18n" aria-hidden="true" class="header-anchor">#</a> i18n</h3> <p>If your application will touch people or systems from all over the world, internationalization
|
|
and localization (<code>i18n</code>) may be an important part of your international strategy.</p> <p>Strapi provides built-in support for detecting user language preferences and translating
|
|
static words/sentences.</p> <ul><li><p>Key: <code>i18n</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/i18n.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"i18n"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"defaultLocale"</span><span class="token punctuation">:</span> <span class="token string">"en"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"modes"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
|
|
<span class="token string">"query"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"subdomain"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"cookie"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"header"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"url"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"tld"</span>
|
|
<span class="token punctuation">]</span><span class="token punctuation">,</span>
|
|
<span class="token string">"cookieName"</span><span class="token punctuation">:</span> <span class="token string">"locale"</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>defaultLocale</code> (string): The default locale to use.</li> <li><code>modes</code> (array): Accept locale variable from:
|
|
<ul><li><code>query</code>: detect query string with <code>/?locale=fr</code></li> <li><code>subdomain</code>: detect subdomain with <code>fr.myapp.com</code></li> <li><code>cookie</code>: detect cookie with <code>Cookie: locale=fr</code></li> <li><code>header</code>: detect header with <code>Accept-Language: en,fr;q=0.5</code></li> <li><code>url</code>: detect url with <code>/fr</code></li> <li><code>tld</code>: detect TLD with <code>myapp.fr</code></li></ul></li> <li><code>cookieName</code> (string): i18n cookies property, tries to find a cookie named <code>locale</code> here.
|
|
Allows the locale to be set from query string or from cookie.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the locales feature.</li> <li>Locales may be configured in the <code>./config/locales</code> directory.</li></ul> <h3 id="global-variables"><a href="#global-variables" aria-hidden="true" class="header-anchor">#</a> Global variables</h3> <p>For convenience, Strapi exposes a handful of global variables. By default, your application's
|
|
models, the global <code>strapi</code> object and the Lodash node module are all available on the global
|
|
scope; meaning you can refer to them by name anywhere in your backend code
|
|
(as long as Strapi has been loaded).</p> <p>Nothing in Strapi core relies on these global variables. Each and every global exposed in
|
|
Strapi may be disabled in <code>strapi.config.globals</code>.</p> <p>Bear in mind that none of the globals, including <code>strapi</code>, are accessible until after
|
|
Strapi has loaded. In other words, you won't be able to use <code>strapi.models.car</code> or <code>Car</code>
|
|
outside of a function (since Strapi will not have finished loading yet).</p> <ul><li><p>Key: <code>globals</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/globals.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"globals"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"models"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"strapi"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"async"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"_"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"graphql"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>models</code> (boolean): Your application's models are exposed as global variables using their <code>globalId</code>.
|
|
For instance, the model defined in the file <code>./api/car/models/Car.js</code> will be globally accessible as <code>Car</code>.</li> <li><code>strapi</code> (boolean): In most cases, you will want to keep the <code>strapi</code> object globally accessible,
|
|
it makes your application code much cleaner.</li> <li><code>async</code> (boolean): Exposes an instance of Async.</li> <li><code>_</code> (boolean): Exposes an instance of Lodash.</li> <li><code>graphql</code> (boolean): Exposes an instance of GraphQL.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable global variables.</li></ul> <h3 id="bootstrap-function"><a href="#bootstrap-function" aria-hidden="true" class="header-anchor">#</a> Bootstrap function</h3> <p>The bootstrap function is a server-side JavaScript file that is executed by Strapi
|
|
just before your application is started.</p> <p>This gives you an opportunity to set up your data model, run jobs, or perform some special logic.</p> <ul><li>Key: <code>bootstrap</code></li> <li>Environment: all</li> <li>Location: <code>./config/functions/bootstrap.js</code></li> <li>Type: <code>function</code></li></ul> <p>Notes:</p> <ul><li>It's very important to trigger the callback method when you are finished with the bootstrap.
|
|
Otherwise your server will never start, since it's waiting on the bootstrap.</li></ul> <h3 id="cron-tasks"><a href="#cron-tasks" aria-hidden="true" class="header-anchor">#</a> CRON tasks</h3> <p>CRON tasks allow you to schedule jobs (arbitrary functions) for execution at specific dates,
|
|
with optional recurrence rules. It only uses a single timer at any given time
|
|
(rather than reevaluating upcoming jobs every second/minute).</p> <ul><li><p>Key: <code>cron</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/functions/cron.js</code></p></li> <li><p>Type: <code>object</code></p> <div class="language-js extra-class"><pre class="language-js"><code> module<span class="token punctuation">.</span>exports<span class="token punctuation">.</span>cron <span class="token operator">=</span> <span class="token punctuation">{</span>
|
|
|
|
<span class="token comment">/**
|
|
* Every day at midnight.
|
|
*/</span>
|
|
|
|
<span class="token string">'0 0 * * *'</span><span class="token punctuation">:</span> <span class="token keyword">function</span> <span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
|
|
<span class="token comment">// Your code here</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span><span class="token punctuation">;</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>The cron format consists of:
|
|
<ol><li>second (0 - 59, optional)</li> <li>minute (0 - 59)</li> <li>hour (0 - 23)</li> <li>day of month (1 - 31)</li> <li>month (1 - 12)</li> <li>day of week (0 - 7)</li></ol></li></ul> <h3 id="studio-connection"><a href="#studio-connection" aria-hidden="true" class="header-anchor">#</a> Studio connection</h3> <p>The Strapi Studio is a toolbox for developers that allows you to build and manage
|
|
your APIs in realtime without writing any line of code. When your application is
|
|
linked to the Studio, you are able to generate APIs from the Studio and see
|
|
the changes in realtime in your local application.</p> <ul><li><p>Key: <code>studio</code></p></li> <li><p>Environment: all</p></li> <li><p>Location: <code>./config/studio.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"studio"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"enabled"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"secretKey"</span><span class="token punctuation">:</span> <span class="token string">"YOUR SECRET KEY HERE"</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>enabled</code> (boolean): Do you want your application linked to the Strapi Studio?</li> <li><code>secretKey</code> (string): The secret key of your application to link your
|
|
current application with the Strapi Studio.</li></ul> <h2 id="general-environment-settings"><a href="#general-environment-settings" aria-hidden="true" class="header-anchor">#</a> General environment settings</h2> <h3 id="host"><a href="#host" aria-hidden="true" class="header-anchor">#</a> Host</h3> <p>The host name the connection was configured to.</p> <ul><li><p>Key: <code>host</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/server.json</code></p></li> <li><p>Type: <code>string</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"host"</span><span class="token punctuation">:</span> <span class="token string">"localhost"</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>You don't need to specify a <code>host</code> in a <code>production</code> environment.</li> <li>Defaults to the operating system hostname when available, otherwise <code>localhost</code>.</li></ul> <h3 id="port"><a href="#port" aria-hidden="true" class="header-anchor">#</a> Port</h3> <p>The actual port assigned after the server has been started.</p> <ul><li><p>Key: <code>port</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/server.json</code></p></li> <li><p>Type: <code>integer</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"port"</span><span class="token punctuation">:</span> <span class="token number">1337</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>You don't need to specify a <code>host</code> in a <code>production</code> environment.</li> <li>When no port is configured or set, Strapi will look for the <code>process.env.PORT</code>
|
|
value. If no port is specified, the port will be <code>1337</code>.</li></ul> <h3 id="front-end-url"><a href="#front-end-url" aria-hidden="true" class="header-anchor">#</a> Front-end URL</h3> <p>This is the URL of your front-end application.</p> <p>This config key is useful when you don't use the <code>./public</code> directory for your
|
|
assets or when you run your automation tools such as Gulp or Grunt on another port.</p> <p>This address can be useful when you need to redirect the user after they have
|
|
logged in with an authentication provider.</p> <ul><li><p>Key: <code>frontendUrl</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/server.json</code></p></li> <li><p>Type: <code>string</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"frontendUrl"</span><span class="token punctuation">:</span> <span class="token string">""</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <h3 id="reload"><a href="#reload" aria-hidden="true" class="header-anchor">#</a> Reload</h3> <p>Enable or disable auto-reload when your application crashes.</p> <ul><li><p>Key: <code>reload</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/server.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"reload"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"timeout"</span><span class="token punctuation">:</span> <span class="token number">1000</span><span class="token punctuation">,</span>
|
|
<span class="token string">"workers"</span><span class="token punctuation">:</span> <span class="token number">1</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>timeout</code> (integer): Set the timeout before killing a worker in ms.</li> <li><code>workers</code> (integer): Set the number of workers to spawn.
|
|
If the <code>workers</code> key is not defined, Strapi will use every free CPU
|
|
(recommended in <code>production</code> environment).</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the auto-reload and clustering features.</li></ul> <h2 id="request"><a href="#request" aria-hidden="true" class="header-anchor">#</a> Request</h2> <h3 id="logger"><a href="#logger" aria-hidden="true" class="header-anchor">#</a> Logger</h3> <p>Enable or disable request logs.</p> <ul><li><p>Key: <code>logger</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/server.json</code></p></li> <li><p>Type: <code>boolean</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"logger"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the logger.</li></ul> <h3 id="body-parser"><a href="#body-parser" aria-hidden="true" class="header-anchor">#</a> Body parser</h3> <p>Parse request bodies.</p> <ul><li><p>Key: <code>parser</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/server.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"parser"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"encode"</span><span class="token punctuation">:</span> <span class="token string">"utf-8"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"formLimit"</span><span class="token punctuation">:</span> <span class="token string">"56kb"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"jsonLimit"</span><span class="token punctuation">:</span> <span class="token string">"1mb"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"strict"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"extendTypes"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"json"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
|
|
<span class="token string">"application/x-javascript"</span>
|
|
<span class="token punctuation">]</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>encode</code> (string): Requested encoding.</li> <li><code>formLimit</code> (string): Limit of the urlencoded body.
|
|
If the body ends up being larger than this limit, a 413 error code is returned.</li> <li><code>jsonLimit</code> (string): Limit of the JSON body.</li> <li><code>strict</code> (boolean): When set to <code>true</code>, JSON parser will only accept arrays and objects.</li> <li><code>extendTypes</code> (array): Support extend types.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the body parser.</li></ul> <h2 id="response"><a href="#response" aria-hidden="true" class="header-anchor">#</a> Response</h2> <h3 id="gzip"><a href="#gzip" aria-hidden="true" class="header-anchor">#</a> Gzip</h3> <p>Enable or disable Gzip compression.</p> <ul><li><p>Key: <code>gzip</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/server.json</code></p></li> <li><p>Type: <code>boolean</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"gzip"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable Gzip.</li></ul> <h3 id="response-time-header"><a href="#response-time-header" aria-hidden="true" class="header-anchor">#</a> Response time header</h3> <p>The <code>X-Response-Time</code> header records the response time for requests in HTTP servers.
|
|
The response time is defined here as the elapsed time from when a request enters the application
|
|
to when the headers are written out to the client.</p> <ul><li><p>Key: <code>responseTime</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/reponse.json</code></p></li> <li><p>Type: <code>boolean</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"responseTime"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the response time header.</li></ul> <h2 id="databases"><a href="#databases" aria-hidden="true" class="header-anchor">#</a> Databases</h2> <p>Strapi comes installed with a powerful ORM/ODM called Waterline, a datastore-agnostic tool that
|
|
dramatically simplifies interaction with one or more databases.</p> <p>It provides an abstraction layer on top of the underlying database, allowing you to easily query
|
|
and manipulate your data without writing vendor-specific integration code.</p> <ul><li><p>Key: <code>orm</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/databases.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"orm"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"adapters"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"disk"</span><span class="token punctuation">:</span> <span class="token string">"sails-disk"</span>
|
|
<span class="token punctuation">}</span><span class="token punctuation">,</span>
|
|
<span class="token string">"defaultConnection"</span><span class="token punctuation">:</span> <span class="token string">"default"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"connections"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"default"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"adapter"</span><span class="token punctuation">:</span> <span class="token string">"disk"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"filePath"</span><span class="token punctuation">:</span> <span class="token string">".tmp/"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"fileName"</span><span class="token punctuation">:</span> <span class="token string">"default.db"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"migrate"</span><span class="token punctuation">:</span> <span class="token string">"alter"</span>
|
|
<span class="token punctuation">}</span><span class="token punctuation">,</span>
|
|
<span class="token string">"permanent"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"adapter"</span><span class="token punctuation">:</span> <span class="token string">"disk"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"filePath"</span><span class="token punctuation">:</span> <span class="token string">"./data/"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"fileName"</span><span class="token punctuation">:</span> <span class="token string">"permanent.db"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"migrate"</span><span class="token punctuation">:</span> <span class="token string">"alter"</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>adapters</code> (object): Association between a connection and the adapter to use.</li> <li><code>defaultConnection</code> (string): The default connection will be used if the
|
|
<code>connection</code> key of a model is empty or missing.</li> <li><code>connections</code> (object): Options of the connection.
|
|
Every adapter has its own options such as <code>host</code>, <code>port</code>, <code>database</code>, etc.
|
|
The <code>migrate</code> option controls how Strapi will attempt to automatically
|
|
rebuild the tables/collections/sets/etc. in your schema.
|
|
<ul><li><code>safe</code>: never auto-migrate database(s).</li> <li><code>alter</code>: auto-migrate database(s), but attempt to keep existing data.</li> <li><code>drop</code>: drop all data and rebuild models every time your application starts.</li></ul></li></ul> <p>Notes:</p> <ul><li>When your Strapi application starts, the Waterline ORM validates all of the data in your database.
|
|
This <code>migrate</code> flag tells waterline what to do with data when the data is corrupt.
|
|
You can set this flag to <code>safe</code> which will ignore the corrupt data and continue to start.</li> <li>By using <code>drop</code>, or even <code>alter</code>, you risk losing your data. Be careful.
|
|
Never use <code>drop</code> or <code>alter</code> with a production dataset.
|
|
Additionally, on large databases <code>alter</code> may take a long time to complete at startup.
|
|
This may cause the start process to appear to hang.</li></ul> <h2 id="security"><a href="#security" aria-hidden="true" class="header-anchor">#</a> Security</h2> <h3 id="sessions"><a href="#sessions" aria-hidden="true" class="header-anchor">#</a> Sessions</h3> <p>Since HTTP driven applications are stateless, sessions provide a way to store information
|
|
about the user across requests.</p> <p>Strapi provides "guest" sessions, meaning any visitor will have a session,
|
|
authenticated or not. If a session is new, a <code>Set-Cookie</code> header will be produced regardless
|
|
of populating the session.</p> <p>Strapi only supports cookie sessions, for now.</p> <ul><li><p>Key: <code>session</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"session"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"key"</span><span class="token punctuation">:</span> <span class="token string">"myApp"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"secretKeys"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
|
|
<span class="token string">"mySecretKey1"</span>
|
|
<span class="token punctuation">]</span><span class="token punctuation">,</span>
|
|
<span class="token string">"maxAge"</span><span class="token punctuation">:</span> <span class="token number">86400000</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>key</code> (string): The cookie name.</li> <li><code>secretKeys</code> (array): Keys used to encrypt the session cookie. The sample value <code>mySecretKey1</code> is a placeholder: replace it with long, random keys and keep them out of version control.</li> <li><code>maxAge</code> (integer): Sets the time in seconds for when a cookie will be deleted. The default shown above, <code>86400000</code>, equals 24 hours only when read as milliseconds, so confirm the unit before changing it.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable sessions.</li></ul> <h3 id="cross-site-request-forgery-csrf-headers"><a href="#cross-site-request-forgery-csrf-headers" aria-hidden="true" class="header-anchor">#</a> Cross Site Request Forgery (CSRF) headers</h3> <p>CSRF is a type of attack which forces an end user to execute unwanted actions on a web
|
|
application backend with which he/she is currently authenticated.</p> <p>Strapi bundles optional CSRF protection out of the box.</p> <ul><li><p>Key: <code>csrf</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"csrf"</span><span class="token punctuation">:</span> <span class="token boolean">false</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>key</code> (string): The name of the CSRF token added to the model.
|
|
Defaults to <code>_csrf</code>.</li> <li><code>secret</code> (string): The key to place on the session object which maps to the server side token.
|
|
Defaults to <code>_csrfSecret</code>.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable CSRF headers. This is the default shown above, so CSRF protection stays off until you configure this key.</li> <li>If you have existing code that communicates with your Strapi backend via <code>POST</code>, <code>PUT</code>, or <code>DELETE</code>
|
|
requests, you'll need to acquire a CSRF token and include it as a parameter or header in those requests.</li></ul> <h3 id="content-security-policy-csp-headers"><a href="#content-security-policy-csp-headers" aria-hidden="true" class="header-anchor">#</a> Content Security Policy (CSP) headers</h3> <p>Content Security Policy (CSP) is a W3C specification for instructing the client browser as to
|
|
which location and/or which type of resources are allowed to be loaded.</p> <p>This spec uses "directives" to define loading behaviors for target resource types.
|
|
Directives can be specified using HTTP response headers or HTML Meta tags.</p> <ul><li><p>Key: <code>csp</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"csp"</span><span class="token punctuation">:</span> <span class="token boolean">false</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>policy</code> (object): Object definition of policy.</li> <li><code>reportOnly</code> (boolean): Enable report only mode.</li> <li><code>reportUri</code> (string): URI where to send the report data.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable CSP headers.</li></ul> <h3 id="x-frame-options-headers"><a href="#x-frame-options-headers" aria-hidden="true" class="header-anchor">#</a> X-Frame-Options headers</h3> <p>Enables <code>X-Frame-Options</code> headers to help prevent Clickjacking.</p> <ul><li><p>Key: <code>xframe</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>string</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"xframe"</span><span class="token punctuation">:</span> <span class="token string">"SAMEORIGIN"</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>The string is the value for the header: <code>DENY</code>, <code>SAMEORIGIN</code> or <code>ALLOW-FROM</code>. Current browsers no longer honour <code>ALLOW-FROM</code>, so do not rely on it as the only framing control.</li> <li>Set to <code>false</code> to disable X-Frame-Options headers.</li></ul> <h3 id="platform-for-privacy-preferences"><a href="#platform-for-privacy-preferences" aria-hidden="true" class="header-anchor">#</a> Platform for Privacy Preferences</h3> <p>Platform for Privacy Preferences (P3P) is a browser/web standard designed to facilitate
|
|
better consumer web privacy control. Currently out of all the major browsers, it is only
|
|
supported by Internet Explorer. It comes into play most often when dealing with legacy applications.</p> <ul><li><p>Key: <code>p3p</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>string</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"p3p"</span><span class="token punctuation">:</span> <span class="token boolean">false</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>The string is the value of the compact privacy policy.</li> <li>Set to <code>false</code> to disable P3P.</li></ul> <h3 id="http-strict-transport-security"><a href="#http-strict-transport-security" aria-hidden="true" class="header-anchor">#</a> HTTP Strict Transport Security</h3> <p>Enables HTTP Strict Transport Security for the host domain.</p> <p>The preload flag is required for HSTS domain submissions to Chrome's HSTS preload list.</p> <ul><li><p>Key: <code>hsts</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"hsts"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"maxAge"</span><span class="token punctuation">:</span> <span class="token number">31536000</span><span class="token punctuation">,</span>
|
|
<span class="token string">"includeSubDomains"</span><span class="token punctuation">:</span> <span class="token boolean">true</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>maxAge</code> (integer): Number of seconds HSTS is in effect.</li> <li><code>includeSubDomains</code> (boolean): Applies HSTS to all subdomains of the host.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable HSTS.</li></ul> <h3 id="x-xss-protection-headers"><a href="#x-xss-protection-headers" aria-hidden="true" class="header-anchor">#</a> X-XSS-Protection headers</h3> <p>Cross-site scripting (XSS) is a type of attack in which a malicious agent manages to inject
|
|
client-side JavaScript into your website, so that it runs in the trusted environment of your users' browsers.</p> <p>Enables <code>X-XSS-Protection</code> headers to help prevent cross site scripting (XSS) attacks in older IE browsers (IE8).</p> <ul><li><p>Key: <code>xssProtection</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"xssProtection"</span><span class="token punctuation">:</span> <span class="token boolean">false</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>enabled</code> (boolean): If the header is enabled or not.</li> <li><code>mode</code> (string): Mode to set on the header.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable the X-XSS-Protection header.</li></ul> <h3 id="cross-origin-resource-sharing-cors"><a href="#cross-origin-resource-sharing-cors" aria-hidden="true" class="header-anchor">#</a> Cross-Origin Resource Sharing (CORS)</h3> <p>Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources
|
|
(e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside
|
|
the domain from which the resource originated.</p> <ul><li><p>Key: <code>cors</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"cors"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
|
|
<span class="token string">"origin"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"expose"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
|
|
<span class="token string">"WWW-Authenticate"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"Server-Authorization"</span>
|
|
<span class="token punctuation">]</span><span class="token punctuation">,</span>
|
|
<span class="token string">"maxAge"</span><span class="token punctuation">:</span> <span class="token number">31536000</span><span class="token punctuation">,</span>
|
|
<span class="token string">"credentials"</span><span class="token punctuation">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
|
<span class="token string">"methods"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
|
|
<span class="token string">"GET"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"POST"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"PUT"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"DELETE"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"OPTIONS"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"HEAD"</span>
|
|
<span class="token punctuation">]</span><span class="token punctuation">,</span>
|
|
<span class="token string">"headers"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span>
|
|
<span class="token string">"Content-Type"</span><span class="token punctuation">,</span>
|
|
<span class="token string">"Authorization"</span>
|
|
<span class="token punctuation">]</span>
|
|
<span class="token punctuation">}</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>origin</code> (string|boolean): Configures the <code>Access-Control-Allow-Origin</code> CORS header.
|
|
Expects a string (ex: <code>http://example.com</code>) or a boolean.
|
|
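Set to <code>true</code> to reflect the request origin, as defined by <code>req.header('Origin')</code>. Combined with <code>credentials: true</code>, as in the defaults above, a reflected origin lets any website send credentialed cross-origin requests, so prefer an explicit origin string outside local development.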
|
|
Set to <code>false</code> to disable CORS.</li> <li><code>expose</code> (array): Configures the <code>Access-Control-Expose-Headers</code> CORS header.
|
|
Set this to pass the header, otherwise it is omitted.</li> <li><code>maxAge</code> (integer): Configures the <code>Access-Control-Max-Age</code> CORS header.
|
|
Set to an integer to pass the header, otherwise it is omitted.</li> <li><code>credentials</code> (boolean): Configures the <code>Access-Control-Allow-Credentials</code> CORS header.
|
|
Set to <code>true</code> to pass the header, otherwise it is omitted.</li> <li><code>methods</code> (array): Configures the <code>Access-Control-Allow-Methods</code> CORS header.</li> <li><code>headers</code> (array): Configures the <code>Access-Control-Allow-Headers</code> CORS header.
|
|
If not specified, defaults to reflecting the headers specified in the request's
|
|
<code>Access-Control-Request-Headers</code> header.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable CORS.</li></ul> <h3 id="secure-sockets-layer-ssl"><a href="#secure-sockets-layer-ssl" aria-hidden="true" class="header-anchor">#</a> Secure Sockets Layer (SSL)</h3> <p>Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security
|
|
over a computer network.</p> <p>This configuration enforces SSL for your application.</p> <ul><li><p>Key: <code>ssl</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
|
|
<span class="token string">"ssl"</span><span class="token punctuation">:</span> <span class="token boolean">false</span>
|
|
<span class="token punctuation">}</span>
|
|
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>disabled</code> (boolean): If <code>true</code>, this middleware will allow all requests through.</li> <li><code>trustProxy</code> (boolean): If <code>true</code>, trust the <code>X-Forwarded-Proto</code> header. Enable this only behind a reverse proxy you control that sets this header, since otherwise the client supplies its value.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable SSL.</li></ul> <h3 id="ip-filter"><a href="#ip-filter" aria-hidden="true" class="header-anchor">#</a> IP filter</h3> <p>The IP filter configuration allows you to whitelist or blacklist specific IP addresses or ranges of IP addresses.</p> <p>The blacklisted IP addresses won't have access to your web application at all.</p> <ul><li><p>Key: <code>ip</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>object</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
<span class="token string">"ip"</span><span class="token punctuation">:</span> <span class="token punctuation">{</span>
<span class="token string">"whiteList"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token punctuation">,</span>
<span class="token string">"blackList"</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token punctuation">]</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre></div></li></ul> <p>Options:</p> <ul><li><code>whiteList</code> (array): IP addresses allowed.</li> <li><code>blackList</code> (array): IP addresses forbidden.</li></ul> <p>Notes:</p> <ul><li>Set to <code>false</code> to disable IP filter.</li></ul> <h3 id="proxy"><a href="#proxy" aria-hidden="true" class="header-anchor">#</a> Proxy</h3> <p>A proxy server is a server that acts as an intermediary for requests from clients
seeking resources from other servers.</p> <p>When a request reaches your server, the server fetches the proxy URL you configured and returns the response.</p> <ul><li><p>Key: <code>proxy</code></p></li> <li><p>Environment: <code>development</code></p></li> <li><p>Location: <code>./config/environments/development/security.json</code></p></li> <li><p>Type: <code>string</code></p></li> <li><p>Defaults to:</p> <div class="language-js extra-class"><pre class="language-js"><code><span class="token punctuation">{</span>
<span class="token string">"proxy"</span><span class="token punctuation">:</span> <span class="token boolean">false</span>
<span class="token punctuation">}</span>
</code></pre></div></li></ul> <p>Notes:</p> <ul><li>When set to a string, the server fetches from that host and returns the response.</li> <li>Set to <code>false</code> to disable the proxy security.</li></ul></div> <div class="page-edit"><div class="edit-link"><a href="https://github.com/strapi/strapi/edit/master/docs/1.x.x/configuration.md" target="_blank" rel="noopener noreferrer">Improve this page</a> <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg></div> <!----></div> <div class="page-nav"><p class="inner"><span class="prev">
← <a href="/documentation/1.x.x/admin.html" class="prev">
Admin
</a></span> <span class="next"><a href="/documentation/1.x.x/email.html">
Email
</a> →
</span></p></div> </div></div></div>
<script src="/documentation/assets/js/8.dc78e1c2.js" defer></script><script src="/documentation/assets/js/app.a8210063.js" defer></script>
</body>
</html>